W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Re: questionnaire feedback (was Re: Save the date - PING at IETF - Thursday 23 July)

From: David Singer <singer@apple.com>
Date: Wed, 05 Aug 2015 16:05:22 -0700
Cc: Nicholas Doty <npdoty@w3.org>
Message-id: <4C028E74-3C10-4A04-B9D2-A56A269EB386@apple.com>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
some questions about the questionnaire. <https://www.w3.org/wiki/Privacy_and_security_questionnaire>

1. Does this specification deal with personally derived data?
	• Explanation: Personal data includes a large swath of data which could be used on its own, or in combination with other information, to identify a single person. The exact definition of what’s considered “personal information” varies, but could certainly include things like a home address, an email address, birthdates, usernames, fingerprints, video recordings, audio recordings, geographic location or any other information derived from a person.


Um, there are TWO issues here:  (a) can the data be used to identify someone and (b) if the person is or can be identified, is the data revealing something about them?  The latter doesn’t seem addressed.

In general, even innocuous pieces of personally-derived data may become significantly less so when combined with other data.  For example, if you get access to my location, you may learn that I am in a hotel room.  That seems fairly innocuous.  Separately you may learn my home city, which also may be fairly innocuous. But when you realize that the hotel is in my own city, and it’s the middle of the day in that time zone, you might be a teensy bit suspicious…



2. Does this specification allow an origin access to a user’s location, and if so is that information minimized?

Why do we pull out the user’s location as a piece of personally-derived-data of special significance?  

3.  	• How should this specification work in the context of a user agent’s "incognito" mode?
		• Explanation: Ideally, the feature would work in such a way that the website would not be able to determine that the user was in "incognito". Less ideally, the feature wouldn’t work, but the website still wouldn’t be able to distinguish "incognito" from simply being denied permission to use the feature (for instance). Unideally, the feature wouldn’t exist at all in "incognito", which means that the user wouldn’t be exposing data, but the website can probably tell that the user is in that state
		• Example: Disabling a feature which could out a user when used in "incognito" mode.


I am not at all sure that I agree that revealing I am ‘incognito’ is always a problem.  I think this might need attention.  The example sentence has some issues, unless we mean by ‘out a user’ that we reveal their sexual preference, which I doubt :-)


David Singer
Manager, Software Standards, Apple Inc.
Received on Wednesday, 5 August 2015 23:05:54 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 5 August 2015 23:05:55 UTC