- From: Christine Runnegar <runnegar@isoc.org>
- Date: Sat, 27 Apr 2013 08:22:52 +0200
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Informal chairs summary – 25 April 2013 Thank you Nick for scribing. The next call will be on 23 May 2013 at the usual time. Thank you to Nick for compiling the list of questions that were generated by the preliminary privacy reviews, and to Karima for putting them into the wiki. You can find them at: http://www.w3.org/wiki/Privacy/Privacy_Considerations. Please help refine and extend this list of questions via the wiki or on the email list. -------------- * Privacy review of EME [led by Wendy Seltzer, taking over from Rigo Wenning] Draft due 16 May 2013 * Privacy review of getUserMedia [led by Hannes Tschofenig] Draft due 16 May 2013 * Privacy guidance Many thanks and compliments to Frank Dawson, Hannes Tschofenig and Nick Doty who have made excellent progress on: - Specification Privacy Assessment (SPA) [Editor: Frank Dawson] This document seeks to provide a methodology for undertaking systematic privacy reviews of W3C specifications, and guidance for writing privacy considerations. Please review the draft that is attached to: http://lists.w3.org/Archives/Public/public-privacy/2013AprJun/0016.html There was a question about whether there would ever be a Web API specification that did not require a privacy assessment. It is likely that all specifications will need a privacy assessment, but that some may only need a “lighter-weight” assessment. - Privacy Considerations for Web Protocols [Editor: Hannes Tschofenig, Nick Doty] This document seeks to provide guidance to Web specification authors on privacy threats and ways to mitigate them. Please review the draft at (the temporary location): http://www.tschofenig.priv.at/w3c-privacy-guidelines.html The group discussed the relationship between the two documents. The subject matter of the documents complement each other, and may ultimately be combined or cross-referenced. The draft privacy considerations document borrows terminology from the IAB draft, but it was noted that the W3C may use other terminology (e.g. user agent) and/or the same terminology but with different meaning to suit the Web context. Some of the guidance from the TAG document has been included in the draft, but phrased differently. The group thought it might be useful to add examples of privacy threats identified during these early privacy reviews, steps that were taken or not taken to mitigate them (and why). - Fingerprinting Guidance for Specification Authors [Editor: Nick Doty] Please review the draft at: http://w3c.github.io/fingerprinting-guidance/ Nick has added definitions of three types of fingerprinting: active; passive; cookie-like. Some people argue that active fingerprinting is to hard a problem to solve because added functionality usually means a larger surface for fingerprinting. However, there may be ways to lessen this. Additionally, there may be more options to mitigate passive fingerprinting, which is harder for a user to identify and block. Volunteers for editors for these documents or help contributing to these action items is requested. Please contact the chairs and/or people noted in brackets to volunteer. Action item for everyone: Please review the three documents over the next week and start providing your feedback via the email list. Link to the minutes: http://www.w3.org/2013/04/25-privacy-minutes.html Christine and Tara
Received on Saturday, 27 April 2013 06:23:21 UTC