
Re: 'persona', indicating 'private browsing mode' over the net

From: David Singer <singer@apple.com>
Date: Tue, 03 Mar 2015 15:25:54 -0800
Cc: Joseph Lorenzo Hall <joe@cdt.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-id: <0C5E8399-1219-481B-9A23-E44FF28498AF@apple.com>
To: ifette@google.com

> On Mar 3, 2015, at 15:20 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
> 
> What you're asking for is quite a bit in that case. Netflix has a notion of "personas" when I sign in. It asks me "Is this Ian watching or someone else". So, in theory it ought to be able to hook up to such a mechanism as you describe. But you're asking every other site to build in something like that -- the household Amazon Prime account becomes "John's purchases" and "Jane's purchases". Or the kid-at-college's purchases. That's a rather large ask for a lot of sites…


Perhaps, but anything any site does to help here would be an improvement on the status quo.  Perhaps after a while browsers could offer to warn you if sites that don’t respect persona are involved in your browsing, and so on.

For me, personally, if the major sites that kept a trace were to respect it, I would be happier (comparative):
* search engines that keep a search history
* places where I buy a variety of goods

and if those two ‘did something’ about what they tell ad networks about me, it would be great.  Yes, it’s a big ask to expect ad networks to support this, I understand.

As Chaals said, it’s somewhat of a bargain: I’ll let you continue to observe what I do online, if you respect my contextual boundaries (and hence, my privacy, in that sense).

> 
> 2015-03-03 14:46 GMT-08:00 David Singer <singer@apple.com>:
> 
> > On Mar 3, 2015, at 14:40 , Ian Fette (イアンフェッティ) <ifette@google.com> wrote:
> >
> > The problems with scoped identifiers are (at least):
> > a) defining what they are scoped by.  ‘The user you think it is from some other information, if any’ is not very good standards-writing.
> >
> > Well, it could be origin-scoped :)
> >
> > b) if it’s scoped by the machine, you can’t carry on searching for your SO’s birthday present from your phone (on the go) to your laptop (at home)
> >
> > What else would it be scoped by? If you have a named profile for the user that's not transient, why do you need any of this? Named profiles in Chrome (and other browsers AFAIK) keep separate cookie jars, and I'm not really sure what this buys us over separate cookie jars. Asking e.g. ads servers to keep data separate (even when it's coming from the same IP and fingerprintable data) based on a different "persona" seems like a bit of a DNT-sized task :) Asking other sites to build new infrastructure based on personas seems a lot more complicated than saying "we'll keep the cookies separate for different personas" and letting people carry on.
> 
> If you keep the cookies separate, then either I can’t buy my wife’s birthday present using my account, or I can, and the illusion of separation evaporates.  The deal is no longer “you know it’s me but you agree to keep records segregated” but “I am going to try to pretend to be somebody else, but if you work out it’s me or I reveal it, the separation evaporates”.
> 
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 
> 

David Singer
Manager, Software Standards, Apple Inc.
Received on Tuesday, 3 March 2015 23:26:23 UTC
