Re: Private User Agent Community Group Proposed

+1, well put Rigo
 
regards, Frederick

Frederick Hirsch
Nokia



On Sep 20, 2012, at 2:09 AM, ext Rigo Wenning wrote:

> Fred, 
> 
> On Thursday 20 September 2012 00:12:24 Fred Andrews wrote:
>> I am open to suggestions on narrowing
>> the scope to make it clearer that the PUA CG be focused only on
>> the technical matters.
> 
> One of the problems in privacy and data protection is the 
> entanglement of technical and legal matters. You may fix a leak, but 
> maybe that data leak was unimportant to privacy. And you may have a 
> hole that is terrible for privacy, but closing it would break half 
> of the Web and three quarters of its business model. 
> 
> The last time I had this discussion was when Mozilla refused to 
> implement P3P client side because cookie blockers would be so much 
> more efficient. Cookie blocking was seen as purely technical while 
> P3P was "Policy stuff". 10 years later we have cookie blockers and 
> still the same privacy problem and in the DNT work, people still 
> miss a way to express compliance to more complex privacy regimes. 
> 
> When we established the P3P Safezone, the P3P WG did some non-
> scientific testing whether we would break many things if we would 
> suppress the referrer header. This was not the case (and I can 
> confirm that from my current practice). We know which headers are 
> talking. 
> 
> Remains JavaScript as the new panacea for the Web. A Turing-complete 
> language can be used for almost anything. And the question remains 
> what good practices would recommend. What is good or bad in 
> practices is mainly a political question. Once you have that 
> political idea, there is a lot of technical work and insight needed 
> to describe the limitations to be established within the browser for 
> the JavaScript engine. This touches on security concepts like "same 
> origin" as well as the work going on in the Device API Working Group 
> to remotely access things like address books (and yes, they are 
> discussing privacy). The German IT-Security administration simply 
> recommends turning ECMAScript off if one wants secure browsing.
> 
> All this to say that "technical matters" is not a scope that will 
> buy you anything.
> 
> Again, I'm not against Nerd's corner and I applaud your initiative. 
> But I dare pointing out that it makes only sense if it is deeply 
> rooted in the broader debate happening here. That said, Community 
> Groups can do whatever. Community Groups are a playground. So my email 
> shouldn't stop you from doing what you want to do. My concern is 
> rather one of wasted momentum.
> 
> Best, 
> 
> Rigo
> 

Received on Wednesday, 7 November 2012 20:46:31 UTC