
Re: Which questionnaire?

From: Christine Runnegar <runnegar@isoc.org>
Date: Thu, 4 May 2017 18:03:40 +0000
To: Chaals is Charles McCathie Nevile <chaals@yandex-team.ru>
CC: "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <BBCFC97F-9344-44B0-8DCF-3AE4F2904898@isoc.org>

Dear Charles,

Thank you! We really need to push forward with the PING annotated privacy questionnaire.

Greg Norcie did a lot of work on this before moving on to other adventures. I believe Wendy added it to GitHub here: https://github.com/w3c/privacy-considerations

Perhaps you could help me move this along. 

I think one place to start to add to the draft is to list out some of the common potential privacy risks that we have already seen, how these have been addressed in specs and what could be improved.

(For example, a common concern is the use of identifiers or things that could behave like identifiers, especially those that are persistent and unique.
If we break this down into small pieces that people can comment on via email, I think we will make better progress.
There are also probably some common principles we could draw out for APIs that access sensor data.)

As an example, here is what is in the privacy considerations of the Vibration API - https://www.w3.org/TR/vibration/#security-and-privacy-considerations

Vibration API is not a source of data on its own and as such is not producing any data possible to consume on the Web. However, it is known that it can serve as a source of events for other APIs. In particular, it is known that certain sensors such as accelerometers or gyroscopes are prone to tiny imperfections during their manufacturing. As such, they provide a fingerprinting surface that can be exploited utilizing the vibration stimuli generated via the Vibration API. In this sense, Vibration API provides an indirect privacy risk, in conjunction with other mechanisms. This can create possibly unexpected privacy risks, including cross-device tracking and communication. Additionally, a device that is vibrating might be visible to external observers and enable physical identification, and possibly tracking of the user.

For these reasons, the user agent SHOULD inform the user when the API is being used and provide a mechanism to disable the API (effectively no-op), on a per-origin basis or globally.

Christine

> On 4 May 2017, at 12:40 pm, Chaals is Charles McCathie Nevile <chaals@yandex-team.ru> wrote:
> 
> Hi,
> 
> For microdata, I went through the questionnaire at https://www.w3.org/TR/security-privacy-questionnaire/
> 
> It turns out that the content in https://www.w3.org/wiki/Privacy/Privacy_Considerations seems
> much better expressed and more thorough in terms of privacy.
> 
> There is also a repo, but last time I went there it was unclear how to actually contribute.
> Now I cannot find it at all, although I did find https://github.com/w3c/privacy-considerations
> 
> How can I help get a good privacy questionnaire published by PING?
> 
> cheers
> 
> 
> -- 
> Charles McCathie Nevile   -   standards   -   Yandex
> chaals@yandex-team.ru - Find more at http://yandex.com
> 
> 
Received on Thursday, 4 May 2017 18:04:17 UTC
