- From: <Frederick.Hirsch@nokia.com>
- Date: Wed, 7 Nov 2012 20:46:00 +0000
- To: <rigo@w3.org>
- CC: <Frederick.Hirsch@nokia.com>, <fredandw@live.com>, <public-privacy@w3.org>
+1, well put Rigo

regards, Frederick

Frederick Hirsch
Nokia

On Sep 20, 2012, at 2:09 AM, ext Rigo Wenning wrote:

> Fred,
>
> On Thursday 20 September 2012 00:12:24 Fred Andrews wrote:
>> I am open to suggestions on narrowing
>> the scope to make it clearer that the PUA CG be focused only on
>> the technical matters.
>
> One of the problems in privacy and data protection is the
> entanglement of technical and legal matters. You may fix a leak, but
> may be that data leak was unimportant to privacy. And you may have a
> hole that is terrible for privacy, but closing it would break half
> of the Web and three quarters of its business model.
>
> The last time I had this discussion was when Mozilla refused to
> implement P3P client side because cookie blockers would be so much
> more efficient. Cookie blocking was seen as purely technical while
> P3P was "Policy stuff". 10 years later we have cookie blockers and
> still the same privacy problem and in the DNT work, people still
> miss a way to express compliance to more complex privacy regimes.
>
> When we established the P3P Safezone, the P3P WG did some
> non-scientific testing whether we would break many things if we would
> suppress the referrer header. This was not the case (and I can
> confirm that from my current practice). We know which headers are
> talking.
>
> Remains Javascript as the new panacea for the Web. A Turing-complete
> language can be used for almost anything. And the question remains
> what good practices would recommend. What is good or bad in
> practices is mainly a political question. Once you have that
> political idea, there is a lot of technical work and insight needed
> to describe the limitations to be established within the browser for
> the javascript engine. This touches on security concepts like "same
> origin" as well as the work going on in the Device API Working Group
> to remotely access things like address books (and yes, they are
> discussing privacy). The German IT-Security administration simply
> recommends turning ECMAscript off if one wants secure browsing.
>
> All this to say that "technical matters" is not a scope that will
> buy you anything.
>
> Again, I'm not against Nerd's corner and I applaud your initiative.
> But I dare pointing out that it makes only sense if it is deeply
> rooted in the broader debate happening here. That said, Community
> Groups can do whatever. Community Groups are playground. So my email
> shouldn't stop you from doing what you want to do. My concern is
> rather one of wasted momentum.
>
> Best,
>
> Rigo
>
Received on Wednesday, 7 November 2012 20:46:31 UTC