Re: Pervasive Monitoring and Secure Origins breakout session

This is great, thanks Nicholas!

P.s.: IMHO, it should always be user choice as to whether or not
geolocation will reveal a user's location by IP.  An ISP knowing it is one
thing, but services should't be able to locate users without their consent.
On Nov 7, 2014 2:59 PM, "Nicholas Doty" <npdoty@w3.org> wrote:

> During TPAC, we had a breakout session to discuss a series of proposals
> regarding restricting sensitive APIs to secure or authenticated origins and
> other measures we could take to address the problem of pervasive monitoring
> [1].
>
> I've cleaned up the minutes for your review:
>         http://www.w3.org/2014/10/29-permon-minutes.html
>
> In general, I heard:
>
> * consensus that moving all traffic to TLS (or similar) in order to
> increase integrity is a goal
> * interest in transition processes -- for moving features to HTTPS-only
> and for getting the industry as a whole (including hardware) to TLS
> * possibilities for using DNSSEC for more secure browsing, with issues of
> performance and middleboxes
>
> I would welcome additional takeaways that others in attendance had, or any
> additional conclusions since. I know this to be a topic of discussion in at
> least the following working groups:
>
> * HTML/EME
> * WebCrypto
> * Geolocation
> * WebAppSec
> * WebRTC/Media Capture
> * TAG
>
> As Giri mentioned during the breakout, Geolocation is having an open call
> for discussion of this topic, with some active discussion on this thread:
>
> http://lists.w3.org/Archives/Public/public-geolocation/2014Nov/0007.html
>
> Thanks all for your participation at TPAC and for the broad discussion and
> effort to improve security on the Web.
>
> Nick
>
> [1] http://tools.ietf.org/html/rfc7258
>

Received on Friday, 7 November 2014 23:41:09 UTC