- From: Christine Runnegar <runnegar@isoc.org>
- Date: Thu, 30 Jul 2015 13:21:02 +0000
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Thank you PING members and friends for joining a face-to-face meeting alongside IETF 93 in Prague. A special thank you to Natasha for acting as scribe. * Recent W3C TAG Findings Mark Nottingham introduced two recent TAG Findings: Unsanctioned Web Tracking http://www.w3.org/2001/tag/doc/unsanctioned-tracking/ End-to-End Encryption and the Web http://www.w3.org/2001/tag/doc/encryption-finding/ This led to a preliminary discussion regarding header enrichment as well as the TAG’s interest in standardising private browsing mode. Should we have a competition for a better term than “private browsing”? Mark Nottingham mentioned the HTTP workshop in Germany (27-30 July 2015) https://httpworkshop.github.io/ One of the topics for discussion is privacy in HTTP/2, which should be of interest to PING. A summary of the workshop will be produced. Action: - PING to move forward with the draft Fingerprinting Guidance for Web Specification Authors https://w3c.github.io/fingerprinting-guidance/ to complement the TAG Finding - PING chairs to schedule a time for a discussion about header enrichment * IEEE 802 EC Privacy Recommendation Study Group Juan-Carlos gave a brief overview of the results of three Wi-Fi privacy experiments at the past IETF91, IEEE 802 March plenary, and IETF92 meetings. The Privacy Recommendation PAR and CSD have been approved by the EC. 802c - will be guidelines for local addressing 802E - will be like RFC 6973 for IEEE (link layer) There is currently no standard for MAC address randomisation, but the IEEE 802 EC Privacy Recommendation Study Group has a set of guidelines which it used for the privacy experiments. Microsoft’s Windows 10 has MAC address randomisation as one of the WiFi features. For more information, see IEEE Press Release: IEEE Announces Successful Wireless Privacy Trials at IETF and IEEE 802® Meetings http://standards.ieee.org/news/2015/wireless_privacy_trials.html * Draft privacy and security questionnaire, and PING’s role in W3C We discussed how to strengthen PING’s role within the W3C (especially given its limited resources) and how to ensure PING's guidance has the right impact. We need to strive to provide privacy guidance as early as possible in the standards development process. The TAG privacy and security questionnaire (when it is completed) should help specification authors address privacy considerations in their work. PING can complement the questionnaire with more detailed guidance. We briefly discussed the document. Two suggestions were to add sections about local storage and permissions. A view was also expressed that the Geolocation principles are effectively “moot” because of the decisions made by the Geolocation WG last year. Action: PING to continue developing “an expanded” version of the draft TAG questionnaire on the wiki (https://www.w3.org/wiki/Privacy_and_security_questionnaire) incorporating relevant work from the draft Privacy Considerations for Web Protocols (https://w3c.github.io/privacy-considerations/). Some content will then be used as input to the TAG exercise and other input will be used for a complementary expanded PING guidance document. Please edit the wiki directly or share input on this list. Note: Some preference for Github over the wiki was expressed. We will consider where is the best place to locate this work in further conversations. * Geofencing API The Geolocation WG would like PING feedback as early as possible on the Geofencing API. Action: Joe to ask Greg to work with Giri on the privacy considerations, using the draft TAG questionnaire as a guide. Christine (co-chair)
Received on Thursday, 30 July 2015 13:21:40 UTC