Do not expose the exact location of food baskets
Motivated by the following discussion: https://yunity.slack.com/archives/CC1FA1Y8G/p1559215881000400
Description
The exact location of baskets (which usually corresponds to the home location) is currently public. Registered foodsharers can even connect the location to a user profile, deducing the exact home location of other foodsharers.
Some foodsharers would prefer not to publish the exact location of their baskets but only a rough area (e.g. a circle containing the basket). Other map-based applications (e.g. Airbnb, eBay Kleinanzeigen) use a similar approach to hide the exact location of users.
Impact
Basket providers: Their exact home location is not exposed (this may currently prevent some users from creating baskets)
Basket requesters: They do not see the exact location anymore. This may make the pickup more difficult.
Proposal
When returning baskets (displayed on the website or via the API), an area containing the basket should be returned instead of the exact coordinates, and only this area is displayed on the map. As a first step, we could display only the center of this area, which would not require any changes in the frontend.
Suggestions on how to calculate the areas ([1] contains a discussion of some approaches):
- A random circle containing the basket could be calculated as described in [2]
  - Cons: This needs to be properly seeded (across multiple baskets) to avoid leaking the exact location
  - Possible solution: Store the randomised location (or the seed) in the database. When creating a new basket, first check whether the user already created a basket close by and take the same randomised location.
- Round the exact coordinates to, for example, the third decimal place (see [3] for how this would look)
  - Pro: This is deterministic and thus does not require additional seeding
  - Cons: In the UI a circle is much nicer than a rectangle
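As an added example (not code from this issue or the project), the following Python sketch implements the two options above together with the seeding caveat: a blurred point is drawn once per basket using the random-circle method from [2] and persisted, a user's later basket within the radius reuses that point, the rounding alternative is shown beside it, and a check demonstrates why re-randomising on every request is not enough (the mean of many responses converges to the exact location). The in-memory `existing` list and all function names are assumptions.

```python
import math
import random
import secrets

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def random_point_in_circle(lat, lon, radius_m, rng):
    """Uniformly distributed point within radius_m of (lat, lon), as in [2]."""
    r = radius_m * math.sqrt(rng.random())  # sqrt keeps the disc uniformly covered
    theta = 2 * math.pi * rng.random()
    dlat = math.degrees(r * math.cos(theta) / EARTH_RADIUS_M)
    dlon = math.degrees(r * math.sin(theta) / (EARTH_RADIUS_M * math.cos(math.radians(lat))))
    return lat + dlat, lon + dlon


def round_coordinates(lat, lon, decimals=3):
    """Deterministic alternative: snap to a grid cell (~111 m per 0.001 deg of latitude)."""
    return round(lat, decimals), round(lon, decimals)


def create_basket(user_id, lat, lon, existing, radius_m=100):
    """Assign the blurred location once, at creation time, and persist it (assumed
    in-memory store). A basket the same user creates within radius_m of an earlier
    one reuses the earlier blurred point, so several baskets cannot be combined
    to narrow down the home location."""
    for b in existing:
        if b["user_id"] == user_id and haversine_m(lat, lon, b["lat"], b["lon"]) <= radius_m:
            public = b["public"]
            break
    else:
        public = random_point_in_circle(lat, lon, radius_m, random.Random(secrets.randbits(64)))
    basket = {"user_id": user_id, "lat": lat, "lon": lon, "public": public}
    existing.append(basket)
    return basket


def mean_of_unseeded_responses(lat, lon, radius_m, samples, seed=None):
    """What re-randomising on every request would leak: the mean of many responses
    converges to the exact location (the 'Cons' of the random-circle approach)."""
    rng = random.Random(seed)  # seed=None draws fresh randomness, like an unseeded server
    pts = [random_point_in_circle(lat, lon, radius_m, rng) for _ in range(samples)]
    return sum(p[0] for p in pts) / samples, sum(p[1] for p in pts) / samples
```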
Open questions:
- How large should the returned area be? Is 100m enough?
- Should the size be configurable by the user (depending on the population density, different sizes are probably appropriate)? (overkill for now)
- Should AMB / Orga be able to access the exact location?
Links / references
[1] https://news.ycombinator.com/item?id=19191805
[2] https://jordinl.com/posts/2019-02-15-how-to-generate-random-geocoordinates-within-given-radius
[3] https://publiclab.github.io/leaflet-blurred-location/examples/