- From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
- Date: Tue, 29 Mar 2016 16:34:44 +0200
- To: norcie@cdt.org
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, W3C Device APIs WG <public-device-apis@w3.org>
- Message-ID: <CAC1M5qr8_Vt6ZjqSpn1c6-u_1Y3Gp+crE4dPNoCzHtGpn7CPGw@mail.gmail.com>
Hi Greg, No timeline, take your time. But I'm looking forward to feedback, hopefully we might bake something good and perhaps not entirely expected ;) Best Lukasz 2016-03-29 16:21 GMT+02:00 Greg Norcie <gnorcie@cdt.org>: > Hi Lukasz, > > Thanks for reaching out, we really appreciate it. We're happy to help. > > Do you have a timeline for when you'll need comments by? > > > /********************************************/ > Greg Norcie (norcie@cdt.org) > Staff Technologist > Center for Democracy & Technology > District of Columbia office > (p) 202-637-9800 > PGP: http://norcie.com/pgp.txt > > > > *CDT's Annual Dinner (Tech Prom) is April 6, 2016. Don't miss out!learn > more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>* > /*******************************************/ > > On Tue, Mar 29, 2016 at 5:49 AM, Lukasz Olejnik (W3C) < > lukasz.w3c@gmail.com> wrote: > >> Dear all! >> >> I am working on a sensors privacy (impact, risk, ...) assessment for a >> while now. And I think now it has little sense to withhold it for any >> longer, as most of the work I did some time ago, anyway. >> >> It is primarily intended for Devis APIs WG (DAP), with whom I have the >> pleasure to work on the privacy aspects of sensors API. >> >> I invite you to take a look on the document [1]. I hope it will be >> useful, and I primarily hope this can be an appropriate starting input in >> privacy considerations of sensors. >> Often, as indicated in the PDF report, even perhaps far-fetched scenarios >> are considered. Same for cross-device risks, where plausible scenario could >> be pointed to. >> >> As advised in private correspondence with (and by), Tobie Langel (DAP), >> it would be good if specific pull(s) request(s) follow. I'll look into that >> next. >> >> Also of note. It is not included in the PDF (should it?), but I believe >> it is worthy to require a secure (i.e. TLS) connection for having access to >> sensors ('secure contexts') - all of them, generically and just like that. >> I can't imagine a scenario where this could cause any issues, apart from >> the need to set up a TLS, that is. >> >> I also highlight my view and want to ask a question. Can W3C give >> guidance/recommendation/note regarding the transparency UIs (sometimes >> called "privacy user interface")? A method for a straight-forward >> user-verification of: what/how was being used, how frequent, etc. >> >> Please, enjoy ;-) >> >> >> Best regards >> Lukasz Olejnik >> >> [1] http://lukaszolejnik.com/SensorsPrivacyReport.pdf >> >> >> >
Received on Tuesday, 29 March 2016 14:35:14 UTC