- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Thu, 29 Jan 2015 10:41:07 -0500
- To: David Singer <singer@apple.com>, chaals@yandex-team.ru
- CC: Robin Wilton <wilton@isoc.org>, Joseph Hall Lorenzo <joe@cdt.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, Wenning Rigo <rigo@w3.org>, "public-privacy mailing list) (W3C" <public-privacy@w3.org>

On 01/29/2015 09:43 AM, David Singer wrote:
>
>> On Jan 29, 2015, at 15:33 , chaals@yandex-team.ru wrote:
>>
>> Basically +1… more inline
>
> yay, I think you have it and we’re converging. Yes, the [priest+doctor | server] clearly knows that it’s Chaals under both personae; but as you say, [he it] is being respectful that in one case they are treating your body and the other your soul, and keeps those considerations separate.
>
> Yes, it’s like encountering your shrink at a party. He knows it’s you, you know he knows; but he doesn’t expose in this context (the party) what he knows from the other context (the analysis sessions). That is respecting your privacy.

Interesting mix of norms and tech -- and yes, a different privacy threat model from the one many of us are accustomed to considering. Here, we're trusting the server to share our interests and want to help us enforce the contextual boundaries we choose, even if its knowledge could span those boundaries.

This model is a better match with the Web Origin security model -- where an origin site is presumed to have control of the web application security, and the end-user must choose to trust the origin (with limited user-side overrides) or not visit the site.

I wonder what sorts of feedback could help to reinforce to end-users that their trust was in fact merited.

--Wendy

--
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/ +1.617.863.0613 (mobile)

Received on Thursday, 29 January 2015 15:41:21 UTC