Re: [review] Performance APIs, Security and Privacy from Greg Norcie on 2016-06-07 (public-privacy@w3.org from April to June 2016)

From: Greg Norcie <gnorcie@cdt.org>
Date: Tue, 7 Jun 2016 08:52:01 -0400
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CAMJgV7ZctegC0LaZYTJcY1a0_LVuSeDO0HZvRhQMN43J5NoJbg@mail.gmail.com>

Sorry for jumping the gun! The privacy questionaire is a pet project of
mine, so I got excited about getting some real world feedback.

I will review your note and get back to you shortly.




/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt

/*******************************************/

On Tue, Jun 7, 2016 at 6:21 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:

> This is a group note specific to security and privacy of WebPerf, not
> a spec, so the questionnaire may not exactly fit.
>
> On Mon, Jun 6, 2016 at 10:18 AM, Greg Norcie <gnorcie@cdt.org> wrote:
> > Hi Ilya,
> >
> > In order to streamline the review process, PING has been developing a
> > Privacy Questionnaire[1]
> >
> > If you or one of the members of your team could look through your
> proposal
> > using the questionnaire, we would greatly appreciate it.
> >
> > (And afterwards, I'd love to hear feedback on how useful the
> questionnaire
> > is or how it could be improved, and will be happy to help take a look at
> any
> > remaining issues.)
> >
> > Thanks for your help!
> >
> > [1] https://gregnorc.github.io/ping-privacy-questions/
> >
> >
> > /********************************************/
> > Greg Norcie (norcie@cdt.org)
> > Staff Technologist
> > Center for Democracy & Technology
> > District of Columbia office
> > (p) 202-637-9800
> > PGP: http://norcie.com/pgp.txt
> >
> > /*******************************************/
> >
> > On Wed, Jun 1, 2016 at 5:10 PM, Ilya Grigorik <ilya@igvita.com> wrote:
> >>
> >> Hey all.
> >>
> >> Would love to hear any thoughts or comments on a note we've been working
> >> on over at webperf (for motivation, see [1]):
> >>
> >> "The fact that something is possible to measure, and may even be highly
> >> desirable and useful to expose to developers, does not mean that it can
> be
> >> exposed as runtime JavaScript API in the browser, due to various
> privacy and
> >> security constraints. The goal of this document is to explain why that
> is
> >> the case and to provide guidance for what needs to be considered when
> making
> >> or evaluating a proposal for such APIs."
> >>
> >> https://w3c.github.io/perf-security-privacy/
> >>
> >> If you have any feedback, or spot any issues, please open an issue on
> >> GitHub:
> >> https://github.com/w3c/perf-security-privacy/issues
> >>
> >> Thanks!
> >> ig
> >>
> >> [1]
> https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
> >
> >
>
>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org
> ]
> 1401 K ST NW STE 200, Washington DC 20005-3497
> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>

Received on Tuesday, 7 June 2016 12:52:49 UTC