W3C home > Mailing lists > Public > public-html@w3.org > September 2008

Re: Privacy implications of automatic alternative selection (Re: Acessibility of <audio> and <video>)

From: Henri Sivonen <hsivonen@iki.fi>
Date: Fri, 12 Sep 2008 12:06:13 +0300
Cc: "'Charles McCathieNevile'" <chaals@opera.com>, "'HTML WG'" <public-html@w3.org>, "'W3C WAI-XTECH'" <wai-xtech@w3.org>, "'Dave Singer'" <singer@apple.com>
Message-Id: <E8516281-4BA5-46C4-9824-940B4F76BD52@iki.fi>
To: Justin James <j_james@mindspring.com>

First, I should point out that I didn't bring the privacy issue up on  
the telecon but I made a follow-up observation, and I was asked (off- 
telecon) to email the list about it.

(On the telecon, I said I liked the MQ idea. I'm inclined to think the  
benefits of automatic selection of captioning or audio description  
would outweigh the privacy concern.)

Also note that there is precedent to considering the privacy issues of  
automatic content alternative selection (and choosing to enable  
automatic selection nonetheless):
http://tools.ietf.org/html/rfc2616#section-15.1.4

On Sep 12, 2008, at 06:20, Justin James wrote:

> I think that this discussion is fairly... pointless. Privacy is not  
> the concern of this group.

Actually, it is. Consider the discussion about the ping attribute for  
instance.

> Non-disabled users have privacy concerns all of the time, and if  
> they want privacy, they check the privacy policy. Furthermore, there  
> is already a fairly good mechanism for this in place, the much  
> underutilized P3P system. Finally, for users that are *super*  
> concerned about privacy at the server side there are anonymizers.

Those are all evidence that the system doesn't address privacy in its  
architecture to a degree satisfactory for everyone.

> Let's take an emotion-free look at this situation for one moment. If  
> I go to WebMD and do a lot of search on, say, "diabetes", "insulin",  
> etc., it could be inferred that I am quite possibly diabetic. And  
> this isn't even an HTML issue. It's simply a "what requests  
> originated from the same IP?" Why aren't we trying to keep servers  
> from figuring out who is diabetic? Because *it isn't our concern*.

More to the point, that should have been a concern when HTML and HTTP  
were first designed. An maybe it was, but that particular  
architectural ship has already sailed (and the benefits of the  
architecture probably outweigh the problems).

Anyway, when you perform a search on WebMD, you communicate diabetes- 
interest-correlated data to WebMD. You are not broadcasting it to  
every site you visit. Likewise, if the user on a site offering video  
manually picks one of multiple alternative versions, that choice is  
communicated to that site only. However, an automatic selection  
mechanism allows any site the user visits to probe the users settings  
without the user deciding if (s)he wants to share those settings with  
a particular site.

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/
Received on Friday, 12 September 2008 09:07:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:58 UTC