Re: W3C Workshop Agreement? from Thomas Roessler on 2010-08-13 (public-privacy@w3.org from July to September 2010)

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 13 Aug 2010 11:52:53 +0200
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Cc: Thomas Roessler <tlr@w3.org>, <public-privacy@w3.org>
Message-Id: <1BAB0B49-5CC4-4D28-B2B7-33C8D407B378@w3.org>

On 13 Aug 2010, at 10:48, Tschofenig, Hannes (NSN - FI/Espoo) wrote:

> Hi all,
> 
> In the tentative writeup of the workshop it says:
> 
> " 
> The two practical proposals that drew most interest and discussions were the Mozilla privacy icon approach and CDT’s privacy rule-set idea. Both also drew significant questions about their practical viability and deployability; yet, further investigation and experimentation with both approaches seems worthwhile.
> 
> "
> 
> I think it should rather say that we should be honest and write:  
> " 
> The two practical proposals that drew most interest and discussions were the Mozilla privacy icon approach and CDT’s privacy rule-set idea. Both also drew significant questions from the side of browser vendors and big Web service providers about their practical viability and deployability; yet, further investigation and experimentation with both approaches seems worthwhile.
> 
> " 
> We could even mention the names of the persons / companies to make it more clear.
> 
> 

Well, there were two sets of reservations:

- Folks from various vendors saying they didn't really think they'd implement those proposals.
- People with various backgrounds questioning whether either Web services or browser vendors would have incentives to deploy a particular technology.

For example, I don't think Deirdre counts as "the side of browser vendors and big Web service providers."  I do think, though, that her remarks about lawyers' tendency to write ambiguous text, and the fundamental incompatibility of that with some of the privacy policy notions, is a valid reservation about the privacy icons work.

What we could say is that the questions were about the practical viability and likelihood of implementation in both Web browsers and by Web service providers, or some such.  What do you think?

> Furthermore, I was wondering about this statement:
> 
> "There was widespread agreement that further community-building  work on best practices both for specification writers and implementers, and systematic privacy review of W3C specifications would be useful.
> 
> "
> 
> Was there really such an agreement?
> 
> I recall that certain people said that it would have been nice to provide some implementation hints/user interface aspects into the geolocation specification. However, the same people were previously arguing exactly against including such text into the spec at the time when the spec was written.
> 
> I don't recall anyone who had argued that there should be a systematic privacy review of W3C specifications, particularly not the guys (browser vendors & big Web service providers) who largely argued against any technical privacy mechanisms in the geolocation / Device API specs. If you take a look at the geolocation API spec today then you will see that there is very little in there about privacy.
> 
> So, I am not sure where this widespread agreement has come from (given that I was at the workshop).
> 

I remember repeated discussion of privacy considerations and not much opposition against those. That's what I meant by "agreement."  If I'm overstating what I thought I heard, I'd be happy to correct this.

Your point that this abstract notion seems possibly inconsistent with actual behavior in current WGs is well-taken.  I'd be willing to leave that apparent contradiction in the report, though, since I think it reflects what we're actually seeing.

Received on Friday, 13 August 2010 09:52:58 UTC