Re: [review] Performance APIs, Security and Privacy from Greg Norcie on 2016-06-07 (public-privacy@w3.org from April to June 2016)

From: Greg Norcie <gnorcie@cdt.org>
Date: Tue, 7 Jun 2016 14:05:59 -0400
To: Ilya Grigorik <ilya@igvita.com>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CAMJgV7Z-1xCeQpN-X1Srt9=bxPx_BjFHDo-tcKxGGc-Rg0PTxA@mail.gmail.com>
Hi Ilya,

Thanks for asking!

Yes, it is meant to be complimentary. We at PING often have people come to
us for reviews of new standards, and the goal of the quiz is to empower
standards writers who may not have a privacy background to do an initial
privacy review to spot some of the more common issues (including, but not
limited to) fingerprinting present in a spec.



/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt

/*******************************************/

On Tue, Jun 7, 2016 at 12:46 PM, Ilya Grigorik <ilya@igvita.com> wrote:

> Greg, thanks for the pointer, I was not aware of that questionnaire. Quick
> question, it looks to be complimentary to [1] - is that right, or is the
> goal to merge those two? I reference [1] in our note, and I'm wondering if
> I should be linking to both or just one of them.
>
> [1] https://www.w3.org/TR/fingerprinting-guidance/
>
> On Tue, Jun 7, 2016 at 5:52 AM, Greg Norcie <gnorcie@cdt.org> wrote:
>
>> Sorry for jumping the gun! The privacy questionaire is a pet project of
>> mine, so I got excited about getting some real world feedback.
>>
>> I will review your note and get back to you shortly.
>>
>>
>>
>>
>> /********************************************/
>> Greg Norcie (norcie@cdt.org)
>> Staff Technologist
>> Center for Democracy & Technology
>> District of Columbia office
>> (p) 202-637-9800
>> PGP: http://norcie.com/pgp.txt
>>
>> /*******************************************/
>>
>> On Tue, Jun 7, 2016 at 6:21 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>
>>> This is a group note specific to security and privacy of WebPerf, not
>>> a spec, so the questionnaire may not exactly fit.
>>>
>>> On Mon, Jun 6, 2016 at 10:18 AM, Greg Norcie <gnorcie@cdt.org> wrote:
>>> > Hi Ilya,
>>> >
>>> > In order to streamline the review process, PING has been developing a
>>> > Privacy Questionnaire[1]
>>> >
>>> > If you or one of the members of your team could look through your
>>> proposal
>>> > using the questionnaire, we would greatly appreciate it.
>>> >
>>> > (And afterwards, I'd love to hear feedback on how useful the
>>> questionnaire
>>> > is or how it could be improved, and will be happy to help take a look
>>> at any
>>> > remaining issues.)
>>> >
>>> > Thanks for your help!
>>> >
>>> > [1] https://gregnorc.github.io/ping-privacy-questions/
>>> >
>>> >
>>> > /********************************************/
>>> > Greg Norcie (norcie@cdt.org)
>>> > Staff Technologist
>>> > Center for Democracy & Technology
>>> > District of Columbia office
>>> > (p) 202-637-9800
>>> > PGP: http://norcie.com/pgp.txt
>>> >
>>> > /*******************************************/
>>> >
>>> > On Wed, Jun 1, 2016 at 5:10 PM, Ilya Grigorik <ilya@igvita.com> wrote:
>>> >>
>>> >> Hey all.
>>> >>
>>> >> Would love to hear any thoughts or comments on a note we've been
>>> working
>>> >> on over at webperf (for motivation, see [1]):
>>> >>
>>> >> "The fact that something is possible to measure, and may even be
>>> highly
>>> >> desirable and useful to expose to developers, does not mean that it
>>> can be
>>> >> exposed as runtime JavaScript API in the browser, due to various
>>> privacy and
>>> >> security constraints. The goal of this document is to explain why
>>> that is
>>> >> the case and to provide guidance for what needs to be considered when
>>> making
>>> >> or evaluating a proposal for such APIs."
>>> >>
>>> >> https://w3c.github.io/perf-security-privacy/
>>> >>
>>> >> If you have any feedback, or spot any issues, please open an issue on
>>> >> GitHub:
>>> >> https://github.com/w3c/perf-security-privacy/issues
>>> >>
>>> >> Thanks!
>>> >> ig
>>> >>
>>> >> [1]
>>> https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Joseph Lorenzo Hall
>>> Chief Technologist, Center for Democracy & Technology [
>>> https://www.cdt.org]
>>> 1401 K ST NW STE 200, Washington DC 20005-3497
>>> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>>
>>
>>
>
Received on Tuesday, 7 June 2016 18:06:47 UTC