- From: David Singer <singer@apple.com>
- Date: Mon, 15 Apr 2019 14:35:46 -0700
- To: Nick Doty <npdoty@ischool.berkeley.edu>
- Cc: Pete Snyder <psnyder@brave.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
> On Apr 13, 2019, at 14:22 , Nick Doty <npdoty@ischool.berkeley.edu> wrote: > > On Apr 10, 2019, at 11:36 AM, Pete Snyder <psnyder@brave.com> wrote: >> >> (Separate thread) >> >> At the AC meeting, Jeff challenged us to suggest ideas that would improve privacy on the web, and not just prevent new standards from making it worse. I think this is a great idea. > > I think that’s exactly the right question to be thinking about: just mitigating against the problems introduced by new features is neither as satisfying nor as productive as exploring how we can improve user privacy on the platform generally. Yes. This is my plea: Design or Re-design for privacy. It’s not a back-end check by a few PING people. I think it might help to ask: * Reduce identification. If I choose not to self-identify, how can we reduce or eliminate identifiability (fingerprinting, cookies that identify me, etc.)? * Once I am identified, how can I reduce the amount learned about me by various sites: * Directly from my own interactions * Relayed from site to site * Once something is learned about me, * how can I reduce the amount it’s retained and propagated? * How can I limit the amount of data that’s combined together (and used for inference)? * How can we help people see roughly what a site might know and be learning about them? * Can we confuse any of these mechanisms? * Are we enabling sites to answer the minimal question (“did this advert work?”, “does this user have an account and hence rights to view?” rather than “who is this user and what do we know about them?”) David Singer Manager, Software Standards, Apple Inc.
Received on Monday, 15 April 2019 21:36:16 UTC