
Re: Explicit intents privacy concern

From: Greg Billock <gbillock@google.com>
Date: Wed, 25 Jul 2012 10:22:10 -0700
Message-ID: <CAAxVY9f23p+oS9H9dn_qdiwsq_-hv=hzVJpay_vzCkzzvwbadw@mail.gmail.com>
To: Josh Soref <jsoref@rim.com>
Cc: WebIntents <public-web-intents@w3.org>
On Wed, Jul 25, 2012 at 8:11 AM, Josh Soref <jsoref@rim.com> wrote:
> Deepanshu wrote:
>> I would have reservations about that "another method" too, if it is about
>> transferring user data without user consent and it is to be written into a W3C spec.
>> But here we are talking about Web Intents, and an explicit intent (does the user know
>> that the intent being registered is an explicit intent, aka an integrated-with-specific-
>> service intent) enabling transmission of user data without user consent doesn't
>> look good to me.
>
> <img src="http://disliked.service.example.net/?publish={encoded-data}">
>
> There are other ways too. HTML / JavaScript doesn't prevent this.
>
> If you're really paranoid about such things, you can investigate NoScript or something similar.
>
> Plus, in general, as long as disliked.service.example.net and webapp.service.example.com are on the general Internet, they can communicate directly server to server.
>
> This is just a core part of how the Internet / Web were designed. We can't prevent that.
>
> The speedbump we're proposing should mostly alleviate your concern as far as Intents are concerned. Yes disliked.service.example.net may be opened, but the UA won't deliver your data to that service until you confirm for the first time.

My argument is that what this means is that if that service is trying
to pass this data (explicitly) to another service, they'll just use
some other way to do it. I think this is an unnecessary and possibly
deleterious complication we should not introduce.

>
> Note that UAs can certainly adapt to providing a Ban list for certain Intent Providers. So if you want to tell your UA that disliked.service.example.net should never be used, I'd expect we'll see that. We could probably put in text encouraging UAs to support a user controlled blacklist for intent providers, that isn't unreasonable, although it's merely a SHOULD as it wouldn't have any implications to the API itself.
Received on Wednesday, 25 July 2012 17:22:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 July 2012 17:22:38 GMT