- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 06 Sep 2022 09:34:00 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
--------
Mark Nottingham writes:

> At IETF 114, we saw some interest in adding hints about the client's
> location to requests in certain circumstances, with the condition that
> it be done in a way that doesn't compromise privacy.

There are two different scopes to this topic:

* "Jurisdictional" - is the client subject to this or that law, jurisdiction or regulation.

* "Informational" - pretty much everything else.

There are all sorts of unholy regulation bubbling under the surface with respect to the first one, because politicians, justifiably, have become really keen on being able to tell genuine citizens apart from (foreign-controlled) bots and sock-puppets, and in parallel, protecting children from content which violates "community standards".

The main argument for exchanging such information at our level in the stack is that it will reduce the need for actual, and much more privacy-leaking, user authentication.

Despite that, it is still a minefield, politically, cryptographically and technically, which I think we should stay very clear from.

Mark writes "certain circumstances" and "doesn't compromise privacy", but to increase chances of success, I think we need to be much more clear about our intentions.

I propose that we make it 100% clear up front, even before adopting this or any other proposal, that any information provided via the mechanism we (might) come up with, does not, and can not, carry any legal weight or message, because it SHALL be 100% up to the user's whims and discretion, and that it SHALL be opt-out by default.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 6 September 2022 09:34:17 UTC