Re: JavaScript Permissions interface in WebApps

Hi John,

On Fri, Jul 2, 2010 at 5:20 PM, John Morris <jmorris@cdt.org> wrote:
> Doug,
>
> I appreciate that you have consistently taken the position that no privacy
> protections should be built into any API.  It is unfortunate that you cannot
> be in London in a week for either the workshop or the F2F, so that you could
> express your views on that subject.  And yes, we did "talk to death" many of
> the issues in December 2008 at the Geolocation WG F2F.
>
> But for anyone who was not involved in that process, I think it is important
> to understand some key points about the Geolocation WG and that Geolocation
> meeting:
>
> -- the goal of the leading participants of that WG was to have the W3C
> standardize an API that was developed outside of the W3C before the WG was
> formed.  The API spec brought into the W3C did not address privacy, and the
> proponents of that spec had no interest in changing the API to address
> privacy in a meaningful way.
> -- at the December 2008 F2F, opponents of addressing privacy repeatedly said
> that the W3C should not do something specific to location, and that if the
> W3C were to take any action to address privacy, it should do so with a
> broader framework.
> -- the December 2008 F2F was immediately followed (the next day) by a
> workshop which looked at device API issues more broadly, and decided to do
> exactly that - form a WG that would consider a broader framework.  Hence DAP
> was born.
> -- in rejecting "last call" objections to the Geolocation API's failure to
> meaningfully address privacy, the Geolocation WG chairs stated:
>
> "The working group concluded that privacy protection does not belong in the
> Geolocation API itself, but is better handled as part of a more generic
> privacy and security framework for device access. The recently formed Device
> API and Policy Working Group is chartered to develop precisely such a
> framework (http://www.w3.org/2009/05/DeviceAPICharter)."
>
> http://lists.w3.org/Archives/Public/public-geolocation/2009Oct/0009.html.
>
> I make these points simply to assert that the fact that the Geolocation WG
> "talked to death" the idea of taking action to protect privacy (and rejected
> that idea) is not evidence that such action should be rejected today.

But the Geolocation WG did not reject the idea of taking action to
protect privacy. I think it is regrettable to make such a statement.

We simply rejected the idea of adding privacy attributes to the API
and presented convincing reasons why we thought it was not protecting
any privacy. Meanwhile, as far as I know, no new evidence was brought
to this debate so the reasons we had to reject the idea back then are
still valid today.

Thanks,
Andrei

Received on Friday, 2 July 2010 17:06:02 UTC