Re: HTML5.1 review from Greg Norcie on 2016-05-12 (public-privacy@w3.org from April to June 2016)

From: Greg Norcie <gnorcie@cdt.org>
Date: Thu, 12 May 2016 10:27:13 -0400
To: Chaals McCathie Nevile <chaals@yandex-team.ru>
Cc: Léonie Watson <tink@tink.uk>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, team-html-editors@w3.org, team-webplatform@w3.org
Message-ID: <CAMJgV7ZpAAd_Wtn2us-hxOhG-NO61ojJ9HjXb-JmMwgRRgE9fg@mail.gmail.com>
Hi Chaals,

Thank you for your help.

I'm including your review below. (We'd like to try to keep all PING reviews
on list to maximize participation.)

If everyone could review Chaals self review and come to the PING call
prepared to discuss it, I'd greatly appreciate it.

//HTML 5.1 Self Review Below//

1.) Does this specification have a "Privacy Considerations" section?

Yes, there is a security and privacy considerations
<https://w3c.github.io/html/webappapis.html#security-and-privacy> section.

There is another one for media
<https://w3c.github.io/html/semantics-embedded-content.html#security-and-privacy-considerations>,
and yet another for registerContentHandler and registerProtocolHandler
<https://w3c.github.io/html/webappapis.html#security-and-privacy>.

2.) Does this specification collect personally derived data?

Not inherently.

3.) Does this specification generate personally derived data, and if so how
will that data be handled?

Not inherently

4.) Does this specification allow an origin direct access to a user’s
location, and if so is that information minimized?

No.

5.) How should this specification work in the context of a user agent’s
"incognito" mode?

It should work the same.

6.) Is it possible to spoof/fake the data being generated for privacy
purposes?

For real form attributes it is, for hidden inputs it has to be done by
expecting to find something. This *can* be done using e.g. browser
extensions.

7.) Does the standard utilize data that is personally-derived, i.e. derived
from the interaction of a single person, or their device or address?

No

8.) Does the data record contain elements that would enable re-correlation
when combined with other datasets through the property of intersection
(commonly known as "fingerprinting")?

There are some features that can be used for fingerprinting. These are
generally identified.

9.) Is the user likely to know if information is being collected?

The user doesn't know what will actually *get submitted* by a form - hidden
inputs can be added and carried along.

10.) Can the user easily, preferably through an element of the GUI, revoke
consent granted to a particular feature?

Don't think HTML has data collection features beyond forms

Hidden form inputs, and what data will actually be sent with a form, could
be detected by a browser extension but this is generally not a feature
exposed to normal users.

11.) Once consent has been given, is there a mechanism whereby it can be
automatically revoked after a reasonable, or user configurable, period?

Not Applicable

12.) Does this standard utilize strong end to end encryption?

HTML does not require the use of end-to-end encryption, and given the
enormous deployed legacy it is unlikely to do so in the near future.
However it does allow for it in general.




/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt

/*******************************************/

On Wed, May 11, 2016 at 5:26 PM, Chaals McCathie Nevile <
chaals@yandex-team.ru> wrote:

> On Wed, 11 May 2016 03:20:20 +0100, Greg Norcie <gnorcie@cdt.org> wrote:
>
> As a first, step, could you or someone from the HTML5 team please use the
>> PING Privacy Questionnaire[1] to do an initial self review of your
>> standard? (We would also love to get feedback on how the privacy
>> questionnaire can be improved :) )
>>
>
> Done - although smarter people than me might have more comments:
> https://github.com/w3c/html/issues/366
>
> I'd be happy to work with you and your team to identify any remaining
>> issues that may be present in addition to those uncovered by the self
>> review.
>>
>
> Yup. This is HTML, so you may already know some stuff.
>
> In particular, checking for anything that our privacy section doesn't
> mention would be a good idea.
>
> There is a PING call on 5/26 - perhaps you could report back to us with
>> the results of your self review at that time, and we could help your
>> team work through any remaining issues that you are unclear how to
>> move forward on?
>>
>
> I'll put the call on my agenda.
>
> cheers
>
> Chaals
>
>
> [1] http://gregnorc.github.io/ping-privacy-questions/
>>
>> /********************************************/
>> Greg Norcie (norcie@cdt.org)
>> Staff Technologist
>> Center for Democracy & Technology
>> District of Columbia office
>> (p) 202-637-9800
>> PGP: http://norcie.com/pgp.txt
>>
>> /*******************************************/
>>
>> On Tue, May 10, 2016 at 2:28 PM, Léonie Watson <tink@tink.uk> wrote:
>>
>> Christine & Tara,
>>>
>>> We are preparing to move HTML5.1 to CR by mid-June, and would welcome a
>>> review by the Privacy IG  ahead of that transition.
>>>
>>> There is a stable WD available [1], with incremental changes noted within
>>> the specification itself [2]. The more fluid editors draft is also
>>> available
>>> [3].
>>>
>>> If there is anything I can do to help, please don't hesitate to ask.
>>>
>>> Léonie on behalf of the WP chairs and team.
>>>
>>> [1] https://www.w3.org/TR/html51/
>>> [2] https://www.w3.org/TR/html51/changes.html#changes
>>> [3] https://w3c.github.io/html/
>>>
>>> --
>>> @LeonieWatson tink.uk Carpe diem
>>>
>>>
>>>
>>>
>>>
>>>
>
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
>  chaals@yandex-team.ru - - - Find more at http://yandex.com
>
Received on Thursday, 12 May 2016 14:28:01 UTC