PING - informal chairs summary for 4 March 2014 f2f

Dear colleagues,

We had an informal face-to-face meeting alongside IETF89 on Tuesday 4 March 2014 (14 attendees). 
Thank you to those who were able to join us. It was a really great discussion.

Informal chairs' summary

1. Welcome, introductions and overview of PING for newcomers

2. Fingerprinting guidance for Web specification authors (Nick Doty)

Nick: There is quite a lot of work in the IETF that touches on fingerprints and identifiers (e.g. identifiers in TLS handshakes) so it is useful to connect to this work and the approach being taken in the IETF. In the Web context, there is still a lot of pushback along the lines that effectively mitigating fingerprinting is not feasible. However, the consensus in the room is that it is worth (a) attempting to mitigate at least some forms and circumstances of fingerprinting and (b) making its occurrence more detectable by researchers and regulators.

Two potential mitigations were raised and discussed: (a) obfuscating the fingerprint by generating a string that fakes the browser type response; (b) running a virtual machine with a fake browser fingerprint. While there are some plug-ins that achieve (a), they don't really provide effective obfuscation because there are so many different functionalities across browsers that it is really difficult to effectively hide which browser is being used. Tor recommends the virtual machine approach as a means to make Tor users appear the same. There was a query about whether "private browsing mode" could become a mode where fonts and other browser features/functionalities are hidden.

Wendy suggested that it could be helpful either in this document or another document to work through some of the trade-offs between functionality and fingerprinting.

There was also some discussion as to what analysis to perform - specifically threat-based (traditional security approach), risk-based, rights-based - and comments that there can be bad privacy outcomes even before there is actual measurable "harm". Some users do not want to have their browsing history correlated and/or they assume they are anonymous when they browse the Web. Simply collecting data puts that data at risk of data breach, misuse, government access, chilling effects of the collection, third-party use, etc. Also, fingerprinting has been used for price discrimination (e.g. airline example).

Joe Hall gave a pointer to a paper from CDT - Why Collection Matters: Surveillance as a de facto privacy harm [1].

Caching-types of fingerprinting (whether e-tag or something else) seem to be the most substantial and most difficult to address.

Next steps => 

Nick will produce a revised draft. Text and/or additional editors are welcome.

3. Privacy Reviews

Joe Hall will be meeting with Frank Dawson on Friday in Washington D.C., "rolling up their sleeves" to work on a privacy review process and an exemplar for a privacy considerations section. Frank Dawson has developed a draft process for privacy reviews (SPA) which is more in the nature of a decision tree than a simple checklist. A more lightweight solution may be needed for the W3C.

There was some discussion as to the appropriate candidate for this exercise. GetUserMedia or Content Service Policy (if the editors and WG chairs are agreeable) were two suggested candidates.

We also discussed the possibility of a combined W3C-IETF privacy review of common work (e.g. WebRTC-RTCWeb).

Note: The STREWS project has been undertaking a security analysis of WebRTC which should be available in the short term.

Next steps => 

Joe Hall and Frank Dawson to work on an exemplar privacy review (perhaps GetUserMedia or CSP) and a light-weight review process. 
Chairs to socialize the idea of a combined W3C-IETF privacy review of WebRTC and RTCWeb. 

4. Privacy considerations for Web specifications

Hannes Tschofenig has prepared a draft. Additional work is needed. RFC 6973 is a useful starting point, but there are likely to be additional or different considerations for the Web.

5. Privacy and Security reviews (Wendy Seltzer)

There are some discussions internally about building a privacy and security consulting and review function. Feedback as to how to engage that expertise and provide an early interface between experts is welcome. There was some discussion about the idea of some sort of joint guidance on security and privacy and a proposal for PING and the Web Security Interest Group to work together on reviews.

Next steps => 

Chairs to propose to the Web Security Interest Group chairs that the IG join PING calls and that the IGs work together on combined privacy and security reviews.

6. W3C Privacy Activity Web

http://www.w3.org/Privacy/

This needs to be updated.

Next steps =>

Chairs (with Nick) to update the PING content.

7. Other

There is some interest in doing some specific work on mobile privacy in the W3C. 

Mark Lizar pointed the group to Mobile Location Analytics Code of Practice [2] and queried whether there might be some overlap between this work and the W3C's privacy activity.

[1] http://www.futureofprivacy.org/wp-content/uploads/Brookman-Why-Collection-Matters.pdf
[2] http://www.futureofprivacy.org/wp-content/uploads/10.22.13-FINAL-MLA-Code.pdf

Christine and Tara

Received on Friday, 7 March 2014 09:18:30 UTC