RE: Privacy Icon Study from jeanpierre.lerouzic@orange-ftgroup.com on 2011-03-01 (public-privacy@w3.org from January to March 2011)

From: <jeanpierre.lerouzic@orange-ftgroup.com>
Date: Tue, 1 Mar 2011 09:38:10 +0100
To: <info@smartspecies.com>, <ktrilli@truste.com>
Cc: <public-privacy@w3.org>
Message-ID: <F1A741D65FFEF6489D607B26ABA0ED57037D49B4@ftrdmel0.rd.francetelecom.fr>

Hi all,

Your remarks are certainly very important on a theoretical point of view, thanks for launching the discussion.

If your browser says "do not track me", you can legally sue the company that tracked you on many juridictions. You don't need electronic signatures or trusted third parties for that.
I'ts an unsolved challenge to detect such violations of privacy but current "hard approaches" to privacy such as the one you seems to advocate in this post (I don't know your work sorry) are equally unable to detect it making them as useless as other easier approaches.
As for the risks not mitigated by the "do not track me" approach, IMO they exist for the 1% of bad guys that do not interact usually with the mainstream browser user.
All what you refer to "user consent, enforcement, trusted third parties" is very costly and sometime is very difficult to implement, for example how to implement user consent in a Web 2.0 world of composed services?

As a practitioner I would prefer a practical solution that works 99% of the time instead of a theoretical solution that almost never work in real life because of lack of interest and implementation.

It's only my own opinion indeed.

Jean-Pierre

________________________________

De : public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] De la part de Mark Lizar
Envoyé : mardi 1 mars 2011 01:07
À : Kevin Trilli
Cc : public-privacy (W3C mailing list)
Objet : Re: Privacy Icon Study

I am still not sure exactly what privacy ICONS are going to accomplish without the added infrastructure of consent management, consumer driven enforcement, consistent regulation across jurisdictions.. etc.

How can privacy icons be verified? Do the ICONS come with a standard way to layer privacy notices? Didnt Trust-E work on layered notices in 2006?

It seems that ICONS are about 1/4 of what needs to be worked out. Is it possible for someone to point me to information on what the privacy icon initiative at TrustE is actually intended to accomplish? Does Truste have information on its auditing and accreditation progam for privacy icons? (or how such a program will work?) Is there such a program at this time?

I apologise for all the questions. As a researcher I have been working towards proposing the development of a global standard and structure for notices across jurisdictions for quite some time now and yet I find this privacy Icon approach sparse on actually cause and effect information. Similar to the do not track initiative the privacy icons initiative at this level seems shallow and without actual foundation for enforcement.

Am I wrong?

- Mark Lizar

On 24 Feb 2011, at 16:39, Kevin Trilli wrote:

Hi all-

Related, but independent, to Sören's note, TRUSTe released its first study on privacy icons, which you can read about on our blog if you are interested:

http://www.truste.com/blog/?p=1172

<http://www.truste.com/blog/?p=1172> Please contact Travis (User Experience Designer) directly (cc:d) if you would like to interact or provide any feedback.

Thanks Sören for sharing, we will take a look at the latest version of the standard.

Kevin

On Feb 24, 2011, at 5:12 AM, Sören Preibusch wrote:

Several proposals of iconographic representations of privacy concepts have
been brought up by academia, industry and individual enthusiasts. Some of
these proposals were discussed at the Workshop and over this list.

The Unicode Standard, version 6.0 now introduces a plethora of over 750 new
symbols, emoticons, and pictographs, including characters for sunrise over
mountains (U+1F304), Bactrian camel (U+1F42B, "has two humps"),
extraterrestrial alien (U+1F47D), circus tent (U+1F3AA), face screaming in
fear (U+1F631), etc..

Two (printable) characters may be more relevant for us:

1F50F LOCK WITH INK PEN
= privacy
1F510 CLOSED LOCK WITH KEY
= secure

The subtext is the intended meaning. Visual representations can be found at
http://www.unicode.org/charts/PDF/Unicode-6.0/U60-1F300.pdf#page=10. As
pointed out by the Consortium, "the glyphs in [the] charts are only
representative; there can be wide variation in the glyphs used to represent
any particular character".

Whilst a single new character in this high range may not be interesting in
itself, the combining characters in the standard, such as U+20E0 (combining
enclosing circle backslash), can be added to express ideas such as "no
privacy" or "not secure".

Sören

Received on Tuesday, 1 March 2011 08:45:29 UTC