W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Privacy and its costs (was: Re: Mandatory encryption)

From: Karl Dubost <karld@opera.com>
Date: Thu, 19 Jul 2012 08:44:45 -0400
Message-Id: <9D2F10C8-8BE8-4DE7-9B0E-C36DFA6EF434@opera.com>
Cc: Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
To: Martin J. Dürst <duerst@it.aoyama.ac.jp>

Le 18 juil. 2012 à 20:13, Martin J. Dürst a écrit :
> Is the privacy of the readers of Ongoing just less important than the privacy of user of the average Web site? 

Context. (oh how I dislike the work privacy ^_^, I chose opacity a while ago)

* In which contexts, the communication needs to be opaque to any intermediaries?
* What are the mechanisms which allow that?
* What is the cost of implementing/using these mechanisms for any participants in the chain of communications from the emitter to the receiver?

- Requesting a simple Web page on example.org, a person might not bother. 
- Until this specific request down to the URI itself might put one in trouble (aka what they read make them suspicious)
- Sending a message in a Web form to a person, again it depends. Will it be public? Is it only for this specific person?
- Opaque down to how much of it is opaque.

If I send a letter by post office mail, I expect them to not read. The envelope being closed is a weak security mechanism, but super simple to implement (seal a message by blocking eyesight with glue). The sender address may be completely opaque. The integrity is assessed by the fact it has not be opened. Note that just strong light is often enough to see through.

If I send a postcard, I don't expect the same thing. Sender address is still completely opaque, but the content is open. What do we say on postcards. 

A letter with a tracking number often requires the sender address.

The Web is not the physical world. The humans are still physical entities and trust relationships are a very hard topic. More opacity became necessary because entire businesses have been built on the ability to "abuse the de facto readability of human interactions". Any move towards more opacity will come at a cost for these businesses. That will be a hard fight. Nobody wants to give up its piece of the yummy cake.

PS: Personally, I wish for more opacity, or more exactly for my ability as a user to choose the mechanism of opacity (see letters above) depending on the context. I want to be able to assess (if/when I have a concern) which were the parties involved in the communications and which access they had to the message.

Karl Dubost - http://dev.opera.com/
Developer Relations, Opera Software
Received on Thursday, 19 July 2012 12:45:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:03 UTC