Re: Privacy by Design in APIs

Hi Hannes,

On Mar 29, 2012, at 17:35 , Hannes Tschofenig wrote:
> Have you had a chance to look at this privacy consideration document:
> http://tools.ietf.org/html/draft-iab-privacy-considerations-02

I have, and indeed I have found it very useful.

> There are really basic things you need to think about first. For example,
> think about the scope of your document. Who is the target audience? A
> resulting document will look very different if you are addressing the
> protocol developers in the W3C (as compared to someone who deploys a
> complete solution).

You are right that I should clarify the target audience; the current feedback clearly indicates that this is a point of confusion.

To put it quickly here before I update the document, the goal is to address the issues currently faced by people writing JS APIs in browsers, scoped to solutions that I believe can be easily applied. This is mostly around fingerprinting and "don't make me think" user interactions. So protocol design, end-to-end solutions, and (perhaps more controversially) solutions that require a major overhaul of implementations or that would require major design work and long discussions are deliberately out of scope. At least that's my current approach; I'm of course open to discussion. But I would like the TAG to produce something useful, applicable now, and do so quickly — even if it means producing a v2 later.

> You also do not reference any terminology, which leads to endless confusion.
> For this purpose you may want to look at this document:
> http://tools.ietf.org/html/draft-iab-privacy-terminology-01

I know. My plan was initially to reference your terminology rather than invent my own (providing feedback in case it doesn't fit) but I hear that it's still in flux and subject to change so I haven't done it yet. I think it would be even more confusing if I referenced a terminology that then changed ;)

> I have plenty of additional comments but I want to get these high-level
> things discussed first.

Thanks for your comments; I've logged them in the document's GH issues list. I would certainly welcome further feedback, either here or to www-tag as you feel most appropriate.

-- 
Robin Berjon - http://berjon.com/ - @robinberjon

Received on Friday, 30 March 2012 09:24:43 UTC