- From: Pat Walshe <PWalshe@gsm.org>
- Date: Fri, 8 Apr 2011 19:13:24 +0100
- To: "SULLIVAN, BRYAN L (ATTSI)" <bs3131@att.com>, Robin Berjon <robin@robineko.com>, Jules Polonetsky <julespol@futureofprivacy.org>
- CC: Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Thanks Bryan, Yes, am aware of the work being done by yourselves and others and this is great to see. I look forward to the paper. Best Pat On 08/04/2011 19:09, "SULLIVAN, BRYAN L (ATTSI)" <bs3131@att.com> wrote: >"Key ecosystem players" are in some cases very aware of privacy issues >and doing their best to establish best practices and a technical >foundation enabling at least the disclosure of developer intent for use >of private data, and if possible usable (e.g. effective UIs and control >options for the user) means for the user to express their awareness and >consent. > >Our position paper for the upcoming W3C Web Tracking workshop references >work in this area by the WAC (Wholesale Applications Community), in which >we have defined a mechanism, based upon the W3C's POWDER specification, >for developers to declare intent on usage of device APIs, network >resources, and how private data is used and retained. > >We are early in the process of seeing how this works in production, >including: impact on developer experience, distribution of the intent >declarations, how the potentially significant amount of information can >be effectively communicated to the user, how to balance user consent >options with UI complexity and application impacts, etc. But our work in >this area clearly shows that we consider this a very important subject >and want to get practical, semantically useful methods in prototype as >soon as possible, so we can see what really works. > >Thanks, >Bryan Sullivan | AT&T > >-----Original Message----- >From: public-privacy-request@w3.org >[mailto:public-privacy-request@w3.org] On Behalf Of Pat Walshe >Sent: Friday, April 08, 2011 7:15 AM >To: Robin Berjon; Jules Polonetsky >Cc: Karl Dubost; public-privacy (W3C mailing list) >Subject: Re: Pandora sends user GPS, sex, birthdate, other data to ad >servers > >Before I chip in, any views expressed by me are mine and not those of my >employer. > >Like Jules, I am surprised that the well publicised app privacy issues >remain a surprise. The issue of surreptitious access to device and user >data by apps first emerged in the summer of 2009 by an iPhone app >developer who set up i-phone-home.blogspot.com out of his concern over app >permissions. The site is no longer active but a screen shot is attached >from 2009. > > 'App privacy' has received and continues to receive global coverage so I >fail to see how key ecosystem players are not aware of them? It's not >privacy pros keeping it to themselves. Even the information commissioner >in the UK issued a public warning that "users should not have their >personal information collected unless they are aware of it" >www.techeye.net/security/ico-issueswarning-over-iphone-apps The recent >FTC report on consumer privacy mentioned smartphones over 37 times and >expressly raised concerns and proposals over app privacy and app oba - key >ecosystem players have responded to this report so again, I cant >understand how this is not on key radars. > >Also, I spoke about these issues at the the W3C workshop held last July in >London. > >It is a fact that users of smartphones sit a complex global web of >relationships with app providers, app stores, browser vendors, advertisers >and others. The only thing that appears consistent in this fragmented >ecosystem is the lack of consistency in approaches to privacy - this does >not seem to aid the development of ways in which users might be given >clear, simple, context aware and device appropriate ways in which to be >aware of the privacy implications of apps and to exercise choice and >control in respect of access to and the use of their information. Here's >a good example from 2009 of how privacy matters to consumers: >http://news.idg.no/cw/art.cfm?id=99AAA891-1A64-67EA-E4B0225F34268201 > >It seems clear to me that industry needs to come together on this or risk >other stakeholders deciding what industry should do. > >just some thoughts. > > > > > > > > > > >On 08/04/2011 10:39, "Robin Berjon" <robin@robineko.com> wrote: > >>On Apr 8, 2011, at 01:06 , Jules Polonetsky wrote: >>> Pandora seems to be acting just like hundreds of other apps. An entire >>>mobile ad network ecosystem is already built around such >>>data...replicating the traditional ad network and data exchange system >>>on the web. >>> And although udids are used instead of cookies for tracking when third >>>party cookies aren't available in the mobile environment (safari and >>>apps) plenty of web sites or web advertisers pass their account IDs to >>>web ad nets for reporting and analysis. >>> Not justifying, just always surprised when the existence of an entire >>>well publicized industry sector is news! >> >>Because it's only well-publicised to privacy advocates. No one else >>knows. I've been describing this in every outreach or customer meeting >>I've had over the past year or so, and people are at best surprised < in >>general they tend to not really believe it. I think that's part of the >>problem. >> >>-- >>Robin Berjon >> robineko < hired gun, higher standards >> http://robineko.com/ >> >> >> > > > >This email and its attachments are intended for the above named only and >may be confidential. If they have come to you in error you must take no >action based on them, nor must you copy or show them to anyone; please >reply to this email or call +44 207 356 0600 and highlight the error. > > This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.
Received on Friday, 8 April 2011 18:14:58 UTC