
PING - informal chairs summary - 20 September 2012

From: Christine Runnegar <runnegar@isoc.org>
Date: Tue, 2 Oct 2012 15:43:20 +0200
Message-Id: <B2FBCEEA-FC75-4F0D-BB29-EAD95D2D7BB4@isoc.org>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>

Hi all.

Here is the informal chairs' summary for our call on 20 September 2012. 

........

Thank you to our guest:

Dominique (Dom) Hazael-Massieux, W3C Mobile Web Initiative Activity Lead and Staff Contact for the Web Real-Time Communications Working Group and the Device APIs Working Group.

Thanks to our scribes Rigo, Frederick and Nick.

Next call on 18 October 2012 (usual time)

--------

*Discussion on Web Permissions and Fingerprinting led by Dominique Hazael-Massieux

Reference slides from WWW 2012 - http://www.w3.org/2012/Talks/dhm-privacy-www/#/step-1

The more features and functionality are added to the Web browser, the more risks we create in terms of privacy and security. There are two W3C WGs where this issue is particularly salient – DAP and WebRTC WG. It would be useful to discuss how to make the Web powerful and at the same time keep its privacy-preserving capabilities.

For example: Web developers have been asking for standards that give applications access to a device’s camera to improve functionality. Allowing access comes with privacy and security issues (e.g. allowing any Web page to get access to the camera raises the possibility of spying and surveillance.) 

One approach is to only allow access after a user has granted permission (i.e. a permission-based model, e.g. as used in the Geolocation API specification), but it is hard to communicate to the user what they are being asked to allow. This is a difficult user-interface (UI) issue. Additionally, once permission has been granted, there needs to be a way to stop permission, and a way of knowing that the application is following that change in permission. That is, a way to preserve permissions in the UI. Another issue for permissions is the small display size of mobile devices.

There was a brief discussion about whether browser vendors are ready to discuss UI, and whether inconsistency is an issue for consumers. It was noted that browser vendors compete on UI, but commonalities have developed such as “File – Open”. The W3C Web Security Context WG worked on a security indicator for the browser (http://www.w3.org/TR/wsc-ui/), but it was a mixed experience.

Frederick Hirsch observed that there might not be a UI in all circumstances (example: from Web Intents - where there are integrated sub-apps, e.g. red-eye removal).

Another approach being considered by the W3C Systems Applications WG is to take all the technology out of the browser context to solve privacy and security issues at the platform level (i.e. develop the equivalent of "native" applications, where the main model for privacy and security is - OS controls what the applications can do, often after having asked for user permission/consent at the time of installation).

Many W3C WGs are also facing fingerprinting issues with their specifications. One of the questions in many of the groups is whether fingerprinting is a battle worth fighting for.

Call to action: W3C needs a champion for these issues (e.g. PING). Further, it would be useful for PING to take on the task of explaining what fingerprinting is, the challenges and best ways to mitigate while still allowing for greater integration and functionality. A workshop was proposed as a means to move this work forward.

Note: Nick Doty advised that the W3C would shortly be announcing a privacy workshop in late November, and said that this might be a useful forum to start this work.

*Coordinating and delivering privacy reviews of draft W3C specifications

There is consensus that W3C specifications, especially at an early stage in their development, would benefit from privacy reviews. PING has been identified as the logical coordinator for such reviews, and already two draft specifications have been proposed as candidates: Navigation timing [1] (raised by Wendy Seltzer) and Web Intents [2] (raised by Art Barstow).

While there is considerable and varied privacy expertise in PING, it is not yet clear whether PING members will have sufficient expertise in the relevant specification subject matters to provide meaningful privacy reviews. There is also the question of resources, i.e. would PING members be willing and able to commit to providing timely privacy reviews?

Wendy Seltzer provided an informal privacy review of the Navigation timing specification direct to the Web Performance WG, raising fingerprinting risks [3]. Other PING members were invited to provide their feedback on the draft.

PING members were also asked to volunteer to review the privacy considerations section for Web Intents and provide feedback.

Action item: Continue the discussion

[1] http://www.w3.org/TR/navigation-timing/
[2] https://dvcs.w3.org/hg/web-intents/raw-file/tip/spec/Overview-respec.html
[3] http://lists.w3.org/Archives/Public/public-web-perf/2012Sep/0013.html

*Privacy considerations

Please continue the discussion on the email list.

Christine and Tara
Received on Tuesday, 2 October 2012 13:43:58 GMT
