RE: Private User Agent Community Group Proposed

Agree with Rigo on this.

Sören


-----Original Message-----
From: Rigo Wenning [mailto:rigo@w3.org] 
Sent: 20 September 2012 07:10
To: Fred Andrews
Cc: public-privacy@w3.org
Subject: Re: Private User Agent Community Group Proposed

One of the problems in privacy and data protection is the 
entanglement of technical and legal matters. You may fix a leak, but 
maybe that data leak was unimportant to privacy. And you may have a 
hole that is terrible for privacy, but closing it would break half 
of the Web and three quarters of its business model. 

The last time I had this discussion was when Mozilla refused to 
implement P3P client side because cookie blockers would be so much 
more efficient. Cookie blocking was seen as purely technical while 
P3P was "Policy stuff". 10 years later we have cookie blockers and 
still the same privacy problem and in the DNT work, people still 
miss a way to express compliance to more complex privacy regimes. 

When we established the P3P Safezone, the P3P WG did some non-
scientific testing whether we would break many things if we would 
suppress the referrer header. This was not the case (and I can 
confirm that from my current practice). We know which headers are 
talking. 

Remains JavaScript as the new panacea for the Web. A Turing-complete 
language can be used for almost anything. And the question remains 
what good practices would recommend. What is good or bad in 
practices is mainly a political question. Once you have that 
political idea, there is a lot of technical work and insight needed 
to describe the limitations to be established within the browser for 
the JavaScript engine. This touches on security concepts like "same 
origin" as well as the work going on in the Device API Working Group 
to remotely access things like address books (and yes, they are 
discussing privacy). The German IT-Security administration simply 
recommends turning ECMAScript off if one wants secure browsing.

All this to say that "technical matters" is not a scope that will 
buy you anything.

Again, I'm not against Nerd's corner and I applaud your initiative. 
But I dare point out that it only makes sense if it is deeply 
rooted in the broader debate happening here. That said, Community 
Groups can do whatever. Community Groups are a playground. So my email 
shouldn't stop you from doing what you want to do. My concern is 
rather one of wasted momentum.

Received on Thursday, 20 September 2012 10:27:43 UTC