
Re: list of questions raised during ambient light privacy review

From: Karima Boudaoud <karima@polytech.unice.fr>
Date: Thu, 25 Apr 2013 14:05:29 +0200
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-Id: <1A174F4E-7A10-4ED0-B0B5-C4693A926EE5@polytech.unice.fr>
To: Nicholas Doty <npdoty@w3.org>

Hi Nick,

This is excellent!!! Thanks a lot for having collected them.

Having these questions written will be very helpful and useful as an
initial checklist when evaluating a spec. And this list can be improved
when other questions arise.

Best regards

Karima


On 20 Apr. 13 at 05:34, Nicholas Doty wrote:

> Robin W. and others raised the point that it might be useful to  
> consolidate the questions that different reviewers asked during  
> privacy reviews of the Ambient Light API. I've tried to extract that  
> list from those threads and included my results below (and marked  
> the people that mentioned a question in [brackets]).
>
> I do not yet believe that all of these questions must be asked/ 
> answered regarding every Web spec or API, that this list is  
> exhaustive or usefully framed. But I think it might be a nice  
> starting point. As Frank D. has noted, checklists are often a good  
> first step towards systematic reviews.
>
> * can the information be used (alone or in combination with other  
> APIs / sources of information) to fingerprint a device or user?
> 	[tlr, erin, npdoty, others]
>
> * may I access the information I created?
> 	[karl]
>
> * may I record it myself (locally)?
> 	[karl]
>
> * am I able to have actions on this personal record?
> 	[karl]
>
> * may I block partly or totally the record of the information?
> 	[karl, tonyr]
>
> * may I fake it? (think about fuzzy geolocation or voluntary fake  
> location)
> 	[karl]
>
> * Is the data personally-derived, i.e. derived from the interaction  
> of a single person, or their device or address?  (If so, even if  
> anonymous, it might be re-correlated)
> 	[dsinger]
>
> * Does the data record contain elements that would enable such re- 
> correlation?  (examples include an IP address, and so on)
> 	[dsinger]
>
> * What other data could this record be correlated with? (e.g. the ISP)
> 	[dsinger]
>
> * If you had large amounts of this data about one person, what  
> conclusions would it enable you to draw? (e.g. maybe you could  
> estimate location from many ambient light events by estimating  
> latitude and longitude from the times of sunrise and sunset)
> 	[dsinger, tonyr]
>
> * Am I likely to know if information is being collected?
> 	[wseltzer]
>
> * How visible is its collection and/or use?
> 	[wseltzer, tonyr]
>
> * Do I get feedback on the patterns that the information could  
> reveal (at any instant, over time) so I can adjust behaviors?
> 	[wseltzer]
>
> * if a background event about the device is fired in all browsing  
> contexts, does it allow correlation of a user across contexts?
> 	[npdoty]
>
> * can code on a page send signals that can be received by device  
> sensors on nearby devices?
> 	[npdoty, tonyr]
>
> And while we're gathering checklists of questions, we might look at  
> the old Morris/Davidson doc for Internet specification authors that  
> had some questions related to privacy:
> 	http://tools.ietf.org/id/draft-morris-policy-considerations-00.txt
> (In particular: "4. Questions about Technical Characteristics or  
> Functionality" and then privacy discussion in Section 5.)
> And the IAB Privacy Considerations for Internet Protocols contains  
> lists of questions in the "Guidelines" section:
> 	http://tools.ietf.org/html/draft-iab-privacy-considerations-08
>
> This satisfies my ACTION-2.
>
> Thanks,
> Nick
Received on Thursday, 25 April 2013 11:52:40 UTC
