Re: PING - please volunteer - Ambient Light Events

Hi David, 

I should be more specific. As I explained in my review of Robin's Privacy by
Design in APIs writeup I believe that many of the W3C specifications are
just extensions to the JavaScript/dynamic code download model. Many of the
privacy threats are very similar in that case and there is no point in
repeating the same stuff over and over again particularly if nothing can be
done at the level of an individual specification (which was btw my main
concern about Robin's writeup).

From my experience in the IETF with writing and reviewing security
considerations protocol designers do not have endless amount of time (even
if we pretend they have). So, you need to make sure that they spend their
available time on the topics with the biggest impact.

In security 80% of the threats (and their countermeasures) are obvious
(typically related to communication security threats). That's where everyone
spends his or her time. The remaining 20% are, however, the tough, hard
to understand, and often do not follow classical patterns. Barely anyone
finds time to look at them.

In the discussions on the list I also pointed out that the privacy
guidelines are different for the various audiences. There is the protocol
developer as an audience and they will (as part of the review comments) be
able to address one set of recommendations. Those who deploy services are
often a different audience and the recommendations for them are likely quite
different. In the comments I have seen so far review feedback for these two
audiences is mixed together. This tends to be less useful.

Ciao
Hannes

PS: In this specific document I am not even sure that we are talking about
personal data. 

On 12/19/12 2:28 AM, "ext David Singer" <singer@apple.com> wrote:

> 
> On Dec 18, 2012, at 6:16 , "Tschofenig, Hannes (NSN - FI/Espoo)"
> <hannes.tschofenig@nsn.com> wrote:
> 
>> I think that this spec illustrates quite nicely how useless it is to deal
>> with privacy at the level of each individual specification.
> 
> I don't think it is useless;  there are privacy implications of individual
> specs as well as privacy implications of putting them together with others.
> 
> 
>> 
>> Hannes
>> 
>> Sent from my Windows Phone
>> 
>> From: ext Erin Kenneally
>> Sent: 12/18/2012 3:56 PM
>> To: public-privacy@w3.org
>> Cc: wilton@isoc.org
>> Subject: Re: PING - please volunteer - Ambient Light Events
>> 
>> I was able to quickly read through the spec wrt privacy and security
>> implications, precisely because it is an extract of the larger more
>> complicated Sensor API which in and of itself raises no reasonable
>> concerns.  The capability *potential* does indeed raise privacy &
>> security issues, but the segregation of specific events (ambient light
>> being the one in this instance) for implementation simplicity also
>> allows precise identification/exclusion of p&s issues.  So, while
>> Robin's comments about capabilities will prove to be pertinent in the
>> review of other components of the aggregate spec, I think we need to be
>> mindful not to lose sight of the impacts of the interaction between
>> individual specs... and that can only be done when all components are at
>> the table.
>> 
>> /erin

Received on Wednesday, 19 December 2012 09:08:22 UTC