Re: w/r/t Privacy

On Wed, 5 Nov 2008 14:08:58 +0000, Andrei Popescu <andreip@google.com> wrote:
> On Wed, 5 Nov 2008, Kartikaya Gupta wrote:
> > The browser can do this too on behalf of the web page, but it has no way of actually communicating those usage 
> > rules to the web page.
> 
> You mean it has no way of *enforcing* those rules, right?
> 

Sure. I did actually mean communicating, but you're right that even if it could communicate the usage rules, it wouldn't be able to enforce them.

> It does. But note that it's just one situation. It does not
> necessarily follow that every platform suffers from the exact same
> problem.
> 
> [snip]
> 
> I respectfully continue to disagree with this as I think this is a
> false dilemma. Your reasoning is based on an example (please see
> http://en.wikipedia.org/wiki/Proof_by_example), so that cannot imply
> that all possible platforms where Geolocation API will be implemented
> will suffer from the same problem.

I completely agree with you. My argument wasn't meant to be applied to all platforms. However, it does apply to platforms that are able to enforce anything more than a basic "allow/don't allow" privacy mechanism.

> There will be platforms where the
> privacy mechanism implemented by the UA will be neither confusing nor
> misleading and I continue to believe that the only way to make this
> possible is to allow them to choose what to implement.
> 

Agreed. However, note that your statement also falls under the category of "Proof by example" - the spec as it stands will allow *some* platforms to implement non-confusing-and-misleading privacy mechanisms, so you cannot claim that it is the best possible specification for *all* platforms.

On Wed, 5 Nov 2008 14:45:40 +0000 (UTC), Ian Hickson <ian@hixie.ch> wrote:
>
> However, if no such platform exists, this is an academic concern.

I can't specifically name a platform that does this, and yes, this is something of an academic concern. However, I think in order to design an API that is meant to survive for any period of time, you do need to at least think about some things that are academic concerns today but may become non-academic concerns during the lifetime of the API. I don't think that a platform similar to the one I'm describing is so far-fetched that it won't appear within the lifetime of this spec. I don't generally care for politics, but it seems to me that the world very recently became a place that is much more likely to pass laws requiring systems to enforce user privacy to the best of their ability, and proprietary mobile platforms may well end up doing so for user benefit anyway.

The whole point of my argument was simply to point out that the current spec is not as perfect as everybody seems to think it is; while I agree that it is probably better than the suggested alternatives (i.e. what the folks at CDT are suggesting), it seemed people were willing to discard those alternatives without even considering their full implications.

Cheers,
kats

Received on Wednesday, 5 November 2008 16:56:03 UTC