RE: Draft: Privacy Workshop Report

To your first point Robin, PRIG is almost as bad: "a person who is
overly precise, arrogant, or smug." 

-----Original Message-----
[] On Behalf Of Robin Berjon
Sent: 11 August 2010 15:06
To: Thomas Roessler
Subject: Re: Draft: Privacy Workshop Report


just a few notes going through the report, which is overall good. I
wanted to make edits directly but Google Docs seems to be flaky right
now so I'm sending them here.

* As much as I love stupid acronyms, I'm not sure that Privacy Interest
Group is the best naming choice. It's all bikeshedding afterwards, but
maybe Privacy Research/Review Interest Group?

* One thing that was mentioned as part of Google's paper and discussed
was how to handle granting access when many (too many for current
mechanisms) privacy (and security) impacting APIs were used. I think
that this should be reflected as it is likely to be a work item for
someone, and is (IMHO) an important architectural issue since what works
for one or two APIs breaks down when there are too many.

* I'm not sure what "and that, privacy controls should be kept as close
to the mobile device as possible" intends to capture.

* I think that part of what's core to Aza's approach is not just what is
needed for users' understanding of policies, but also reflecting what
matters to users. That's why there's a difference between sharing data
with third parties and selling it to them - users seem to care that
someone's making money off their backs.

* Deirdre's remark that the icons would fail for the same reason as P3P
did was, I thought, somewhat tempered in the discussion that followed
the presentations.

* Speaking of the final discussion, it doesn't seem to be captured at
all in the report - is that intentional?

Robin Berjon
robineko - hired gun, higher standards

Received on Wednesday, 11 August 2010 14:59:32 UTC