Re: [private-measurement] Strawman: Target privacy constraints (#17)

Working for a browser-maker, I feel obligated to defend our ability to defend data that doesn't leave the browser.

Protecting browsing history is on the list of things that browsers have had to do forever.  We also protect cookies and passwords and other much more sensitive stuff.  The distinction that I think is relevant here is between treatment of data on a device that *the user controls*[^1] and data that leaves that space.  As Luke mentioned yesterday, where things are most challenging is where data leaves a zone the user controls (where we have a well-established understanding or at least expectations about how data is treated), which might make that data available to others.  Additional scrutiny on data that exits user-controlled space, particularly when it involves data from multiple people, is entirely appropriate.  Systems that aggregate private information from many people are something of a novelty here.  But I don't see it as within our remit to talk about treatment within browsers, especially for such a narrow domain.

I understand the competition angle (I would be OK with having a bigger discussion about that, is it worth a separate thread?), but I think that we should limit our discussion there to data that leaves the user's device.  We are best not talking about the issues of self-preferencing that might occur within larger companies, limited to browser vendors[^2].  The W3C is not even the right place to have that conversation.  Various competition regulators are taking a keen interest, for instance.

[^1]: Obligatory footnote about cross-device synchronization features.  These exist and often involve data living on servers operated by a browser vendor.  There are some rather fundamentally different approaches taken in the market here.  I consider those to be within the established envelope for data sharing as long as data is only synchronized.  I realize that this is not always the case, which muddies things considerably.  Again though, this is not something unique to this particular domain and I would rather we didn't add that problem to our workload.

[^2]: This is a problem of scale: Mozilla and other smaller browser vendors aren't immune to those pressures; we just have a narrower product portfolio and less opportunity to gain advantage.

-- 
GitHub Notification of comment by martinthomson
Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/17#issuecomment-1162607907 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 22 June 2022 03:54:40 UTC