Agenda for WEBPRIV BOF, Mon Dec 8 1930-2200 from Larry Masinter on 1997-11-26 (ietf-http-wg@w3.org from October to December 1997)

From: Larry Masinter <masinter@parc.xerox.com>
Date: Wed, 26 Nov 1997 11:04:05 PST
To: agenda@ietf.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <347C72A5.FC7A6BEA@parc.xerox.com>

Monday, December 8 at 1930-2200
      (opposite mhtml, acap, ipvbi, tcpimpl, rmonmib, issll mobileip)

Overview:

There are a number of methods in use that gather information about
Internet (and World Wide Web users). While much of the information
gathering is benign, the potential for abuse is high.

Popular reports of the privacy issues around web browsing have focused
on the issue of 'cookies': the use of the HTTP state management
mechanism to send information about the user to a third party. However,
there are a large number of other possible threats. For example,
software packages, when downloaded and installed, may send the user's
identification and other information directly to the maker of the
software package, in the name of 'helping' with the identification of
the user's configuration. Maintainers of proxy caches could leave
logs of user activities publicly available. Companies could join
in a consortium to share information about user preferences and behavior.

While this kind of information can have many positive uses, it also
can be misused. Internet users may not be aware that their reading
behavior is observed, and there have been many cases where privacy
of information about an individual's use of public libraries, video
rentals and other media have been at issue.

The goal of the BOF is canvas for interest in a working group
(in USV) aimed at creating a set of guidelines which will aid
both system administrators and protocol designers: what are the
nature of the threats to user privacy, and what are some of the
mechanisms and policies that are necessary to avoid such threats.

Tentative agenda (volunteers to present issues welcome)

   15 - welcome, introduction
   60 - review of HTTP issues
       20 privacy and 'hit metering'
       20 privacy and 'state management' (cookies)
       20 review of W3C P3 initiative
   30 - operational issues:
       log files, privacy methods for obscuring
       ISP policies
       web site policies
   15 - USV working group strategy & policy
        Privacy vs. Security: boundaries
   30 - Plans for working group


Larry
-- 
http://www.parc.xerox.com/masinter

Received on Wednesday, 26 November 1997 18:23:30 UTC