- From: Mark Lizar <info@smartspecies.com>
- Date: Tue, 1 Mar 2011 10:04:11 +0000
- To: <jeanpierre.lerouzic@orange-ftgroup.com>
- Cc: <ktrilli@truste.com>, <public-privacy@w3.org>
- Message-Id: <0D76B507-49CA-49C0-AB22-78F7CD9F9ACA@smartspecies.com>
Thanks Jean,

On 1 Mar 2011, at 08:38, <jeanpierre.lerouzic@orange-ftgroup.com> wrote:

> Hi all,
>
> Your remarks are certainly very important on a theoretical point of
> view, thanks for launching the discussion.
>
> If your browser says "do not track me", you can legally sue the
> company that tracked you on many jurisdictions. You don't need
> electronic signatures or trusted third parties for that.

So you are suggesting that first, me (a web browsing user) is going to realise that I am being tracked (even though I am on a do not track list) then that I am going to call/email a lawyer to sue this tracking website? Is there a possibility this would be successful? (In any jurisdiction)

> It's an unsolved challenge to detect such violations of privacy but
> current "hard approaches" to privacy such as the one you seem to
> advocate in this post (I don't know your work sorry) are equally
> unable to detect it making them as useless as other easier approaches.
> As for the risks not mitigated by the "do not track me" approach,
> IMO they exist for the 1% of bad guys that do not interact usually
> with the mainstream browser user.
> All what you refer to "user consent, enforcement, trusted third
> parties" is very costly and sometimes is very difficult to implement,
> for example how to implement user consent in a Web 2.0 world of
> composed services?

Consent is already implemented. At this moment there is a global infrastructure of opt-ins and outs (on websites) which is presumably a major reason why I need to log in and out of web services. So that my consent can be harvested so my data can be re-used and tracked.

For enforcement to be possible people need access to audit logs (e.g. transparency) to see when, how, who, is using their information/profiles. Even more people could have control over their own profiles and provide access to this profile to websites, this way having access to audit logs won't be a problem. Then I can call my lawyer up, show her proof that my information is being illegally used and tracked.

I agree, a do not track list provides the notice to websites that consent is not provided for my information to be used therefore providing a platform for redress. Although, even without a do not track list, this has always been illegal activity in many jurisdictions something that has been observable for many years. Still no legal action has stopped this. So I don't think a do not track list is going to help besides further popularising/confusing awareness of the issue.

> As a practitioner I would prefer a practical solution that works 99%
> of the time instead of a theoretical solution that almost never works
> in real life because of lack of interest and implementation.

I have yet to provide a theoretical solution. Yet, Do Not Track and ICONS are not even theoretical solutions from what I can tell. Are they?

> It's only my own opinion indeed. (opinions welcome)
>
> Jean-Pierre
>
> From: public-privacy-request@w3.org [mailto:public-privacy-request@w3.org] On behalf of Mark Lizar
> Sent: Tuesday, 1 March 2011 01:07
> To: Kevin Trilli
> Cc: public-privacy (W3C mailing list)
> Subject: Re: Privacy Icon Study
>
> I am still not sure exactly what privacy ICONS are going to
> accomplish without the added infrastructure of consent management,
> consumer driven enforcement, consistent regulation across
> jurisdictions.. etc.
>
> How can privacy icons be verified? Do the ICONS come with a standard
> way to layer privacy notices? Didn't Trust-E work on layered
> notices in 2006?
>
> It seems that ICONS are about 1/4 of what needs to be worked out.
> Is it possible for someone to point me to information on what the
> privacy icon initiative at TrustE is actually intended to
> accomplish? Does Truste have information on its auditing and
> accreditation program for privacy icons? (or how such a program will
> work?) Is there such a program at this time?
>
> I apologise for all the questions. As a researcher I have been
> working towards proposing the development of a global standard and
> structure for notices across jurisdictions for quite some time now
> and yet I find this privacy Icon approach sparse on actual cause
> and effect information. Similar to the do not track initiative the
> privacy icons initiative at this level seems shallow and without
> actual foundation for enforcement.
>
> Am I wrong?
>
> - Mark Lizar
>
> On 24 Feb 2011, at 16:39, Kevin Trilli wrote:
>
>> Hi all-
>>
>> Related, but independent, to Sören's note, TRUSTe released its
>> first study on privacy icons, which you can read about on our blog
>> if you are interested:
>>
>> http://www.truste.com/blog/?p=1172
>>
>> Please contact Travis (User Experience Designer) directly (cc:d) if
>> you would like to interact or provide any feedback.
>>
>> Thanks Sören for sharing, we will take a look at the latest version
>> of the standard.
>>
>> Kevin
>>
>> On Feb 24, 2011, at 5:12 AM, Sören Preibusch wrote:
>>
>>> Several proposals of iconographic representations of privacy concepts have
>>> been brought up by academia, industry and individual enthusiasts. Some of
>>> these proposals were discussed at the Workshop and over this list.
>>>
>>> The Unicode Standard, version 6.0 now introduces a plethora of over 750 new
>>> symbols, emoticons, and pictographs, including characters for sunrise over
>>> mountains (U+1F304), Bactrian camel (U+1F42B, "has two humps"),
>>> extraterrestrial alien (U+1F47D), circus tent (U+1F3AA), face screaming in
>>> fear (U+1F631), etc.
>>>
>>> Two (printable) characters may be more relevant for us:
>>>
>>> 1F50F LOCK WITH INK PEN
>>> = privacy
>>> 1F510 CLOSED LOCK WITH KEY
>>> = secure
>>>
>>> The subtext is the intended meaning. Visual representations can be found at
>>> http://www.unicode.org/charts/PDF/Unicode-6.0/U60-1F300.pdf#page=10. As
>>> pointed out by the Consortium, "the glyphs in [the] charts are only
>>> representative; there can be wide variation in the glyphs used to represent
>>> any particular character".
>>>
>>> Whilst a single new character in this high range may not be interesting in
>>> itself, the combining characters in the standard, such as U+20E0 (combining
>>> enclosing circle backslash), can be added to express ideas such as "no
>>> privacy" or "not secure".
>>>
>>> Sören

Received on Tuesday, 1 March 2011 10:06:43 UTC