- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 20 Sep 2012 08:09:41 +0200
- To: Fred Andrews <fredandw@live.com>
- Cc: "public-privacy@w3.org" <public-privacy@w3.org>

Fred,

On Thursday 20 September 2012 00:12:24 Fred Andrews wrote:
> I am open to suggestions on narrowing
> the scope to make it clearer that the PUA CG be focused only on
> the technical matters.

One of the problems in privacy and data protection is the entanglement of technical and legal matters. You may fix a leak, but maybe that data leak was unimportant to privacy. And you may have a hole that is terrible for privacy, but closing it would break half of the Web and three quarters of its business model.

The last time I had this discussion was when Mozilla refused to implement P3P client side because cookie blockers would be so much more efficient. Cookie blocking was seen as purely technical while P3P was "Policy stuff". 10 years later we have cookie blockers and still the same privacy problem and in the DNT work, people still miss a way to express compliance to more complex privacy regimes.

When we established the P3P Safezone, the P3P WG did some non-scientific testing whether we would break many things if we would suppress the referrer header. This was not the case (and I can confirm that from my current practice). We know which headers are talking.

Remains Javascript as the new panacea for the Web. A Turing-complete language can be used for almost anything. And the question remains what good practices would recommend. What is good or bad in practices is mainly a political question. Once you have that political idea, there is a lot of technical work and insight needed to describe the limitations to be established within the browser for the javascript engine. This touches on security concepts like "same origin" as well as the work going on in the Device API Working Group to remotely access things like address books (and yes, they are discussing privacy). The German IT-Security administration simply recommends turning ECMAscript off if one wants secure browsing.

All this to say that "technical matters" is not a scope that will buy you anything.

Again, I'm not against Nerd's corner and I applaud your initiative. But I dare pointing out that it makes only sense if it is deeply rooted in the broader debate happening here.

That said, Community Groups can do whatever. Community Groups are a playground. So my email shouldn't stop you from doing what you want to do. My concern is rather one of wasted momentum.

Best,

Rigo

Received on Thursday, 20 September 2012 06:10:10 UTC