Web 2.0 security end-user survey - please input questions

Dear All,
ENISA (European Network and Information Security Agency) has commissioned a survey to be conducted by research company YouGov on Web 2.0 security and privacy issues. The aim is to collect data on the attitudes and experiences of end-users with respect to security and privacy in Web 2.0 scenarios. This will be input to a paper we will issue in November on Web 2.0 security and privacy aimed at political decision-makers.

We are currently soliciting suggestions for questions. Pling members will doubtless have many useful suggestions. If your organisation would like to propose some questions in this area, please send me ( giles.hogben@enisa.europa.eu ) your suggestions by Monday 18th August.

Here are some examples of proposed questions so far:

* I have problems figuring out whether a source is trustworthy
* I give away my email account details to invite friends to a social application
* I have had problems resolving a dispute arising from a Web 2.0 application.
* It is easy to verify a person's age reliably
* I can control the use of my personal information in social networks. (Perhaps "I have been surprised by use of personal information in social networks")
* Have you ever refused to enter data on a website because the website appears untrustworthy? Because of privacy concerns?
* Would you use an online banking aggregation service?
* Service providers should censor content to protect minors.
* Which of the following are Web 2.0 features (end-user content, SOA, rich user-interfaces ....)

FYI our working definition of Web 2.0 is:

• Rich browser-based applications including Asynchronous JavaScript and XML (AJAX) and Flash applications.
• End-user-generated web content: content generated using a browser-based application rather than being uploaded directly to a web-server. Such content is often subject to radically different or less well-defined security and regulatory regimes from content generated and controlled directly by the service-provider. 
• Client-side code, community-based widgets, user-defined code, community-based software, Ajax, IFrames, etc... 
• Co-operative dynamic services deriving content and functionality from multiple sources, jurisdictions and Legal Entities. Examples are so-called mash-ups and dynamically composed web-services and content syndication. E.g. OpenSocial, Google Mashups etc...

Regards,

Giles Hogben

Network Security Policy Expert
European Network & Information Security Agency (ENISA) 
Tel: +30 2810 391892 
Fax: +30 2810 39000

Received on Wednesday, 13 August 2008 11:22:59 UTC