RE: indicating 'private browsing mode' over the net (was Re: Super Cookies in Privacy Browsing mode)

> Interesting mix of norms and tech -- and yes, a different privacy threat
> model from the one many of us are accustomed to considering. Here, we're
> trusting the server to share our interests and want to help us enforce
> the contextual boundaries we choose, even if its knowledge could span
> those boundaries.
> 
> This model is a better match with the Web Origin security model -- where
> an origin site is presumed to have control of the web application
> security, and the end-user must choose to trust the origin (with limited
> user-side overrides) or not visit the site.
> 
> I wonder what sorts of feedback could help to reinforce to end-users
> that their trust was in fact merited.
> 
> --Wendy
> 


It would have to include all the servers being accessed, third-parties also. I think David's header would be seen by all of them, and it would only take one to ignore the contextual boundaries, decide to combine multiple personas with other data in a PII keyed database, then broadcast it to the world (and UA based UUIDs are far more reliably user-identifying than IP addresses, which are usually ephemeral and non-unique).

Maybe there should be an implicit web of trust that covers all the servers receiving user specific data on a page, where they all commit to a common declared level of privacy and security. The browser could then have UI to communicate that.

WebID could be used to identify all the parties (not just origins), and a manifest could define the trust relationship.

Mike



Received on Thursday, 29 January 2015 18:11:08 UTC