Re: Draft: Privacy Workshop Report

Hi,

just a few notes going through the report, which is overall good. I wanted to make edits directly but Google Docs seems to be flaky right now so I'm sending them here.

 As much as I love stupid acronyms, I'm not sure that Privacy Interest Group is the best naming choice. It's all bikeshedding afterwards, but maybe Privacy Research/Review Interest Group?

 One thing that was mentioned as part of Google's paper and discussed was how to handle granting access when many (too many for current mechanisms) privacy (and security) impacting APIs were used. I think that this should be reflected as it is likely to be a work item for someone, and is (IMHO) an important architectural issue since what works for one or two APIs breaks down when there are too many.

 I'm not sure what "and that, privacy controls should be kept as close to the mobile device as possible" intends to capture.

 I think that part of what's core to Aza's approach is not just what is needed for users' understanding of policies, but also reflecting what matters to users. That's why there's a difference between sharing data with third parties and selling it to them  users seem to care that someone's making money off their backs.

 Deirdre's remark that the icons would fail for the same reason as P3P did was, I thought, somewhat tempered in the discussion that followed the presentations.

 Speaking of the final discussion, it doesn't seem to be captured at all in the report  is that intentional?

--
Robin Berjon
robineko  hired gun, higher standards
http://robineko.com/

Received on Wednesday, 11 August 2010 14:06:56 UTC