Re: Automatic Entry and Forms

Scott E. Preece (preece@predator.urbana.mcd.mot.com)
Mon, 26 Feb 1996 08:56:12 -0600


Date: Mon, 26 Feb 1996 08:56:12 -0600
From: preece@predator.urbana.mcd.mot.com (Scott E. Preece)
Message-Id: <199602261456.IAA05929@predator.urbana.mcd.mot.com>
To: rhazltin@bacall.nepean.uws.edu.au
Cc: connolly@beach.w3.org, boo@best.com, www-html@w3.org
In-Reply-To: Robert Hazeltine's message of Sun, 25 Feb 1996 13:30:39 +1100 (EST)
Subject: Re: Automatic Entry and Forms 

   From: Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>

|   > Cite your sources! 
|   > Give evidence!
|   > Present your argument!
|
|   I and others contributing to this thread have outlined our concerns. A
|   situation which the proponents haven't (they have made many an assertion
|   though on how it might be used, for example). 
|
|   I have put some argument on the ethics of the proposal, the practicality
|   of establishing the data set, the problems of confining it to what was
|   initally perceived as good for us, the relative weight to protecting
|   machine/system information compared to people, and more. 
---

What you seem to be missing is that the problem you perceive already
exists and cannot be avoided, no matter what you do to the standard.
There is nothing stopping an existing browser from bundling up all your
responses to FORMs and sending them off to an unauthorized thrid party.
There is nothing to stop it from building associations and attempting to
fill in forms when it sees them.

The only point to the proposal was to allow a FORM author to indicate
that a particular datum is a pre-defined type, so that the browser can
fill it in on the user's behalf.  I don't think this implies you are
giving your browser any more trust than you have already given it, but
you are making it a little easier for it to help out in your normal,
day-to-day activities.

Putting something in the standard also has the slight advantage of
allowing the organization to say what a conforming browser is or isn't
allowed to do with the data (we could, for instance, require that users
be able to tag certain values as special and requiring specific
confirmation before use).  It doesn't stop an unethical browser writer
from mistreating you, but it could (if a conformance mechanism were
set up and enforced) provide legal recourse under fraud statutes if a
browser that claimed to conform actually maliciously non-conformed.

---
|
|   > Phil's draft was a bit brief, but there's nothing wrong with the
|   > mechanism.
|
|   Maybe not.  However, my argument when replying to other posters is that it
|   is unsafe and we need to reinforce human values as well as promote
|   technological excellence.  It patently does not. 
---

Again, it's no more unsafe than what is already completely possible.
And catering to user convenience is part of "reinforcing human values"
as much as protecting user privacy.  Each user has to decide how much
personal data to trust to the Web, to the internet, to her system, and
to her browser; Auto-fill of FORMs data is a teeny wrinkle on the side
of that question.

---
|
|   > But if you have a REAL problem with the proposed mechanism, please
|   > make your argument plainly.
|
|   I trust I have done better than making the assertion that this is really
|   good for you and that it will save a bit of typing. 
---

Well, actually, I don't think you have, unless I've missed one of your
postings.  I've seen lots of concern, but pretty vague allusions to what
you think the specific risks of this proposal are, let alone how they
are qualitatively different from the risks we are already accepting in
using the Web.

scott

--
scott preece
motorola/mcg urbana design center	1101 e. university, urbana, il   61801
phone:	217-384-8589			  fax:	217-384-8550
internet mail:	preece@urbana.mcd.mot.com