- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 20 May 2013 20:16:21 +0200
- To: Marcos Caceres <w3c@marcosc.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
* Marcos Caceres wrote: >The Systems Application Working Group would appreciate if PING could >review the Privacy and Security considerations section of the app:// >URI specification (or the spec in general - it's a very small spec, >promise!): The "Privacy and Security Considerations" section can't really be under- stood without understanding the motivation and application of the scheme but the section fails to provide any overview, and overall the document does not explain this very well either. The section would have to explain why such globally unique identifiers are asssigned at all, and why applications are given access to them. It is not obvious that this is actually necessary. It is also unclear how the remedies could be effective. If, for instance, the identifier is re- generated on every launch, that would not help if applications have any way to persist data, since then they could store the first identifier; in fact, if applications can persist data then they could just create an identifier of their own and use that, so it's unclear why this is an issue. Clearing "private data", similarily, would have to purge any and all persisted data in order to ensure the identifier is not kept by the application, but you do not really want to do that most of the time, as that would destroy your configuration data, highscores, savegames, draft documents, or whatever else may be stored by an application. I think the System Applications Working Group needs to put in a bit more of an effort before the Privacy Interest Group can give good feedback on this document. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Monday, 20 May 2013 18:16:55 UTC