- From: Hannes Tschofenig <Hannes.Tschofenig@nsn.com>
- Date: Wed, 19 Dec 2012 11:07:35 +0200
- To: ext David Singer <singer@apple.com>
- CC: <erin@elchemy.org>, <public-privacy@w3.org>, Robin Wilton <wilton@isoc.org>
Hi David,

I should be more specific. As I explained in my review of Robin's Privacy by Design in APIs writeup I believe that many of the W3C specifications are just extensions to the JavaScript/dynamic code download model. Many of the privacy threats are very similar in that case and there is no point in repeating the same stuff over and over again, particularly if nothing can be done at the level of an individual specification (which was btw my main concern about Robin's writeup).

From my experience in the IETF with writing and reviewing security considerations, protocol designers do not have an endless amount of time (even if we pretend they have). So, you need to make sure that they spend their available time on the topics with the biggest impact. In security 80% of the threats (and their countermeasures) are obvious (typically related to communication security threats). That's where everyone spends his or her time. The remaining 20% are, however, the tough, hard to understand, and often do not follow classical patterns. Barely anyone finds time to look at them.

In the discussions on the list I also pointed out that the privacy guidelines are different for the various audiences. There is the protocol developer as an audience and they will (as part of the review comments) be able to address one set of recommendations. Those who deploy services are often a different audience and the recommendations for them are likely quite different. In the comments I have seen so far, review feedback for these two audiences is mixed together. This tends to be less useful.

Ciao
Hannes

PS: In this specific document I am not even sure that we are talking about personal data.

On 12/19/12 2:28 AM, "ext David Singer" <singer@apple.com> wrote:

>
> On Dec 18, 2012, at 6:16 , "Tschofenig, Hannes (NSN - FI/Espoo)"
> <hannes.tschofenig@nsn.com> wrote:
>
>> I think that this spec illustrates quite nicely how useless it is to deal
>> with privacy at the level of each individual specification.
>
> I don't think it is useless; there are privacy implications of individual
> specs as well as privacy implications of putting them together with others.
>
>
>>
>> Hannes
>>
>> Sent from my Windows Phone
>>
>> From: ext Erin Kenneally
>> Sent: 12/18/2012 3:56 PM
>> To: public-privacy@w3.org
>> Cc: wilton@isoc.org
>> Subject: Re: PING - please volunteer - Ambient Light Events
>>
>> I was able to quickly read through the spec wrt privacy and security
>> implications, precisely because it is an extract of the larger more
>> complicated Sensor API which in and of itself raises no reasonable
>> concerns. The capability *potential* does indeed raise privacy &
>> security issues, but the segregation of specific events (ambient light
>> being the one in this instance) for implementation simplicity also
>> allows precise identification/exclusion of p&s issues. So, while
>> Robin's comments about capabilities will prove to be pertinent in the
>> review of other components of the aggregate spec, I think we need to be
>> mindful not to lose sight of the impacts of the interaction between
>> individual specs... and that can only be done when all components are at
>> the table.
>>
>> /erin

Received on Wednesday, 19 December 2012 09:08:22 UTC