Re: Privacy report on sensors, for generic sensors API.

Hi Greg,

No timeline, take your time.

But I'm looking forward to feedback, hopefully we might bake something good
and perhaps not entirely expected ;)

Best
Lukasz

2016-03-29 16:21 GMT+02:00 Greg Norcie <gnorcie@cdt.org>:

> Hi Lukasz,
>
> Thanks for reaching out, we really appreciate it. We're happy to help.
>
> Do you have a timeline for when you'll need comments by?
>
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
>
>
> *CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
> more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
> /*******************************************/
>
> On Tue, Mar 29, 2016 at 5:49 AM, Lukasz Olejnik (W3C) <
> lukasz.w3c@gmail.com> wrote:
>
>> Dear all!
>>
>> I am working on a sensors privacy (impact, risk, ...) assessment for a
>> while now. And I think now it has little sense to withhold it for any
>> longer, as most of the work I did some time ago, anyway.
>>
>> It is primarily intended for Devis APIs WG (DAP), with whom I have the
>> pleasure to work on the privacy aspects of sensors API.
>>
>> I invite you to take a look on the document [1]. I hope it will be
>> useful, and I primarily hope this can be an appropriate starting input in
>> privacy considerations of sensors.
>> Often, as indicated in the PDF report, even perhaps far-fetched scenarios
>> are considered. Same for cross-device risks, where plausible scenario could
>> be pointed to.
>>
>> As advised in private correspondence with (and by), Tobie Langel (DAP),
>> it would be good if specific pull(s) request(s) follow. I'll look into that
>> next.
>>
>> Also of note. It is not included in the PDF (should it?), but I believe
>> it is worthy to require a secure (i.e. TLS) connection for having access to
>> sensors ('secure contexts') - all of them, generically and just like that.
>> I can't imagine a scenario where this could cause any issues, apart from
>> the need to set up a TLS, that is.
>>
>> I also highlight my view and want to ask a question. Can W3C give
>> guidance/recommendation/note regarding the transparency UIs (sometimes
>> called "privacy user interface")? A method for a straight-forward
>> user-verification of: what/how was being used, how frequent, etc.
>>
>> Please, enjoy ;-)
>>
>>
>> Best regards
>> Lukasz Olejnik
>>
>> [1] http://lukaszolejnik.com/SensorsPrivacyReport.pdf
>>
>>
>>
>

Received on Tuesday, 29 March 2016 14:35:14 UTC