RE: Private User Agent Community Group Proposed

Hi Frederick,

Rigo's comments seemed quite balanced, and I am generally supportive of Rigo too.

Do you have some issues to raise?

cheers
Fred

> From: Frederick.Hirsch@nokia.com
> To: rigo@w3.org
> CC: Frederick.Hirsch@nokia.com; fredandw@live.com; public-privacy@w3.org
> Date: Wed, 7 Nov 2012 20:46:00 +0000
> Subject: Re: Private User Agent Community Group Proposed
> 
> +1, well put Rigo
>  
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 
> On Sep 20, 2012, at 2:09 AM, ext Rigo Wenning wrote:
> 
> > Fred, 
> > 
> > On Thursday 20 September 2012 00:12:24 Fred Andrews wrote:
> >> I am open to suggestions on narrowing
>> the scope to make it clearer that the PUA CG be focused only on
> >> the technical matters.
> > 
> > One of the problems in privacy and data protection is the 
> > entanglement of technical and legal matters. You may fix a leak, but 
> > maybe that data leak was unimportant to privacy. And you may have a 
> > hole that is terrible for privacy, but closing it would break half 
> > of the Web and three quarters of its business model. 
> > 
> > The last time I had this discussion was when Mozilla refused to 
> > implement P3P client side because cookie blockers would be so much 
> > more efficient. Cookie blocking was seen as purely technical while 
> > P3P was "Policy stuff". 10 years later we have cookie blockers and 
> > still the same privacy problem and in the DNT work, people still 
> > miss a way to express compliance to more complex privacy regimes. 
> > 
> > When we established the P3P Safezone, the P3P WG did some non-
> > scientific testing whether we would break many things if we would 
> > suppress the referrer header. This was not the case (and I can 
> > confirm that from my current practice). We know which headers are 
> > talking. 
> > 
> > Remains JavaScript as the new panacea for the Web. A Turing-complete 
> > language can be used for almost anything. And the question remains 
> > what good practices would recommend. What is good or bad in 
> > practices is mainly a political question. Once you have that 
> > political idea, there is a lot of technical work and insight needed 
> > to describe the limitations to be established within the browser for 
> > the JavaScript engine. This touches on security concepts like "same 
> > origin" as well as the work going on in the Device API Working Group 
> > to remotely access things like address books (and yes, they are 
> > discussing privacy). The German IT-Security administration simply 
> > recommends turning ECMAScript off if one wants secure browsing.
> > 
> > All this to say that "technical matters" is not a scope that will 
> > buy you anything.
> > 
> > Again, I'm not against Nerd's corner and I applaud your initiative. 
> > But I dare pointing out that it makes only sense if it is deeply 
> > rooted in the broader debate happening here. That said, Community 
> > Groups can do whatever. Community Groups are playground. So my email 
> > shouldn't stop you from doing what you want to do. My concern is 
> > rather one of wasted momentum.
> > 
> > Best, 
> > 
> > Rigo
> > 
> 
>

Received on Thursday, 8 November 2012 00:31:10 UTC