Re: app: URI - Request for review of privacy aspects

* Marcos Caceres wrote:
>The Systems Application Working Group would appreciate if PING could 
>review the Privacy and Security considerations section of the app://
>URI specification (or the spec in general - it's a very small spec, 
>promise!): 

The "Privacy and Security Considerations" section can't really be under-
stood without understanding the motivation and application of the scheme
but the section fails to provide any overview, and overall the document
does not explain this very well either.

The section would have to explain why such globally unique identifiers
are asssigned at all, and why applications are given access to them. It
is not obvious that this is actually necessary. It is also unclear how
the remedies could be effective. If, for instance, the identifier is re-
generated on every launch, that would not help if applications have any
way to persist data, since then they could store the first identifier;
in fact, if applications can persist data then they could just create an
identifier of their own and use that, so it's unclear why this is an
issue. Clearing "private data", similarily, would have to purge any and
all persisted data in order to ensure the identifier is not kept by the
application, but you do not really want to do that most of the time, as
that would destroy your configuration data, highscores, savegames, draft
documents, or whatever else may be stored by an application.

I think the System Applications Working Group needs to put in a bit more
of an effort before the Privacy Interest Group can give good feedback on
this document.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Monday, 20 May 2013 18:16:55 UTC