- From: <jeanpierre.lerouzic@orange-ftgroup.com>
- Date: Tue, 14 Jul 2009 00:46:47 +0200
- To: <ashok.malhotra@oracle.com>
- Cc: <A.K.Bandara@open.ac.uk>, <MCrompton@iispartners.com>, <public-pling@w3.org>, <renato@nicta.com.au>
Hi Ashok and all, I am on holidays right now and don't intend to go back to office, but I remember nice articles from Microsoft research on the subject of privacy and evidence or privacy and inference. For example there are articles exploring how information could be cross checked. Other articles highlight that an information could be given in one context but not in another so the decision a user has do is never perfect. It's similar to your line of thought below. In the EU project named SERVERY we also try to explore those ideas. Still I want to emphasize the fact that if -as everyone here agrees- there is no avantage to use a simple authorize/prohibit mechanism, even a sophisticated authorize/prohibit mechanism to enforce privacy policies (for example by using an efficient user profiling tool and reasonning/statistics) is not enough in most real life situations (see the Google maps example): If we want to gain a wide audience we have also to propose sensible fallback solutions to the user in the case she doesn't want to give some private information to the service provider but still want to use the service. Best regards, Jean-Pierre -----Message d'origine----- De : ashok malhotra [mailto:ashok.malhotra@oracle.com] Envoyé : dimanche 12 juillet 2009 14:20 À : LE ROUZIC Jean-Pierre RD-MAPS-REN Cc : A.K.Bandara@open.ac.uk; MCrompton@iispartners.com; public-pling@w3.org; renato@nicta.com.au Objet : Re: Geolocation Last Call Jeanpierre: Can you send a pointer to these new ideas? Thanks! All the best, Ashok jeanpierre.lerouzic@orange-ftgroup.com wrote: > Hi all, > > Among developments in privacy, there are ideas on using evidence and statistics to manage user's privacy in a much simpler way with a finer grain than this kind of dashboard like 3GPP's UPM, where service are either authorized or forbidden. > > But I am not sure it's a so big problem in real life as the end user will probably be aware she is using a geolocalized service so there is no meaning in making it impossible to be localized. It is more simpler to not use the geolocalized service. > For example how one could want at the same time to use Google maps to get direction but being afraid of been located? > > Using a service means the user accepts to disclose some information. A way to deal with that is to use some proxy or third party that will make the request for the end user but will make it impossible for the service to cross check information (for example ID AND location). > > Best regards, > > > Jean-Pierre > > > > -----Message d'origine----- > De : public-pling-request@w3.org [mailto:public-pling-request@w3.org] > De la part de Arosha K Bandara Envoyé : vendredi 10 juillet 2009 18:57 > À : MCrompton@iispartners.com; public-pling@w3.org Cc : > ashok.malhotra@oracle.com; 'Renato Iannella' > Objet : Re: Geolocation Last Call > > Absolutely agree about these issues. "Easy to use" controls are not simply about privacy settings for sharing information at a given point in time. It also requires some appreciation of the potential future value of the information - something that we are not very good at assessing anyway. > > I am an investigator on the PRiMMA project (http://primma.open.ac.uk) at the Open University in the UK where we are also looking at some of these issues. I look forward to being a more active participant in this discussion going forward. > > - Arosha > > > Malcolm Crompton wrote: > >> I agree, strongly. The lack of sophistication in thinking around >> location based services & privacy is sometimes breathtaking. It is >> neither 'anything goes' nor 'never disclose'. It has to be much more >> nuanced than that. A person on the lookout for a chance date is in a >> vastly different position from the person who is the secret >> negotiator going to the secret meeting to lock down the multi-million >> dollar deal. AND the technology is NEVER going to be able to tell >> the difference, especially because it could in fact be the same person at different times in the same day. >> >> And that is before we bring in policing, national security and >> emergency rescue... >> >> Informed, easy to use control with the right default settings (just >> ask the behavioural economists et al) is going to be the only solution. >> >> Regards >> >> Malcolm Crompton >> >> Managing Director >> Information Integrity Solutions Pty Ltd ABN 78 107 611 898 >> >> T: +61 407 014 450 >> >> MCrompton@iispartners.com >> www.iispartners.com >> >> >> >> -----Original Message----- >> From: public-pling-request@w3.org >> [mailto:public-pling-request@w3.org] >> On Behalf Of ashok malhotra >> Sent: Friday, July 10, 2009 11:25 AM >> To: Renato Iannella >> Cc: public-pling@w3.org >> Subject: Re: Geolocation Last Call >> >> I, too, was worried when I read Section 4. It punts all the privacy >> APIs to the implementations. >> All the best, Ashok >> >> >> Renato Iannella wrote: >> >> >>> After reading Section 4 of the Working Draft [1], I am more worried >>> than before. >>> >>> It does not engender any confidence, even by using the term >>> "consideration", for the safety and awareness of the end user's privacy. >>> >>> Perhaps we now need a PLING Note on "Best Practices for Privacy >>> Awareness" ? >>> >>> >>> Renato >>> >>> [1] http://www.w3.org/TR/geolocation-API/ >>> >>> >>> On 8 Jul 2009, at 23:09, Thomas Roessler wrote: >>> >>> >>> >>>> No explicit request for review by PLING, but I think it would be >>>> fine for this IG to tell them that you want to do a review -- if >>>> that is indeed the case. >>>> -- >>>> Thomas Roessler, W3C <tlr@w3.org <mailto:tlr@w3.org>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> Begin forwarded message: >>>> >>>> >>>> >>>>> *From: *Angel Machín <angel.machin@gmail.com >>>>> <mailto:angel.machin@gmail.com>> >>>>> *Date: *8 July 2009 14:58:29 CEDT >>>>> *To: *janina@rednote.net <mailto:janina@rednote.net>, >>>>> art.barstow@nokia.com <mailto:art.barstow@nokia.com>, >>>>> chaals@opera.com <mailto:chaals@opera.com>, >>>>> Mary_Ellen_Zurko@notesdev.ibm.com >>>>> <mailto:Mary_Ellen_Zurko@notesdev.ibm.com>, tlr@w3.org >>>>> <mailto:tlr@w3.org>, dom@w3.org <mailto:dom@w3.org>, dsr@w3.org >>>>> <mailto:dsr@w3.org>, chris@w3.org <mailto:chris@w3.org>, >>>>> daniel.appelquist@vodafone.com >>>>> <mailto:daniel.appelquist@vodafone.com>, >>>>> dahl@conversational-technologies.com >>>>> <mailto:dahl@conversational-technologies.com>, rbarnes@bbn.com >>>>> <mailto:rbarnes@bbn.com>, acooper@cdt.org >>>>> <mailto:acooper@cdt.org>, bondi@omtp.org <mailto:bondi@omtp.org>, >>>>> jferrai@us.ibm.com <mailto:jferrai@us.ibm.com>, Lars Erik Bolstad >>>>> <lbolstad@opera.com <mailto:lbolstad@opera.com>>, Matt Womer >>>>> <mdw@w3.org <mailto:mdw@w3.org>>, chairs@w3.org >>>>> <mailto:chairs@w3.org> >>>>> *Subject: **Geolocation Last Call* >>>>> >>>>> Hello Chairs, >>>>> >>>>> On behalf of Lars Erik Bolstad, the other co-chair of this WG, and I: >>>>> >>>>> The Geolocation Working Group has published the Geolocation API >>>>> Specification as a Last Call Working Draft on 7 July 2009: >>>>> http://www.w3.org/TR/geolocation-API/ >>>>> >>>>> Feedback on this document would be appreciated through 31 July >>>>> 2009 via mail to public-geolocation@w3.org >>>>> <mailto:public-geolocation@w3.org>. >>>>> >>>>> In particular we are requesting review from the Web Application >>>>> WG, Device APIs, Web Security Context, Ubiquitous Web >>>>> Applications, Mobile Web Best Practices, Hypertext Coordination, >>>>> Protocols and Formats Working Group and also GEOPRIV, BONDI and OpenAJAX Alliance. >>>>> >>>>> The Group made the decision to go to Last Call: >>>>> http://lists.w3.org/Archives/Public/public-geolocation/2009Jun/016 >>>>> 1 >>>>> .html >>>>> >>>>> No patent disclosures have been made for this specification. >>>>> >>>>> Thanks, >>>>> >>>>> Angel Machin >>>>> Geolocation WG co-Chair >>>>> >>>>> >>>>> >>> Cheers... Renato Iannella >>> NICTA >>> >>> >>> >> >> >> > > -- > -------------------------------------------------------------------- > Arosha K Bandara, PhD > Lecturer, The Open University, e-mail: a.k.bandara@open.ac.uk > Walton Hall Campus Tel : +44 1908 653545 > Milton Keynes, MK 76AA, UK > -------------------------------------------------------------------- > http://fasturl.open.ac.uk/a.k.bandara.htm > -------------------------------------------------------------------- > > > > >
Received on Monday, 13 July 2009 22:47:50 UTC