PING - informal summary - 24 July 2014 from Christine Runnegar on 2014-07-27 (public-privacy@w3.org from July to September 2014)

From: Christine Runnegar <runnegar@isoc.org>
Date: Sun, 27 Jul 2014 18:23:22 +0000
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <5C24413E-6103-4637-B3FC-68032E9F3544@isoc.org>
PING - informal summary – 24 July 2014 – informal face-to-face meeting

Thank you for taking some time out of your busy schedules at IETF90 to join the informal face-to-face meeting on 24 July 2014. We had some new faces too.

Also, thanks to Natasha Rooney from the Web and Mobile Interest Group for joining us, and for kindly acting as scribe.

=> IEEE Privacy

Juan-Carlos Zuniga (IEEE) shared some information about the newly formed IEEE 802 Executive Committee Privacy Recommendation Study Group.

One proposal for the SG is an opt-in trial to assess the performance and implications of users’ MAC address randomisation.

For more information, please see [1]

=> PING @ IETF90

Christine provided a brief overview of the meeting on 23 July 2014 of the informal task force working on the Privacy Considerations for Web Protocols document.

Please see the notes shared by Joe Hall on the public-privacy email list [2]

=> PING @ TPAC

At the meeting on 23 July 2014, it was suggested that it would be helpful to socialise PING’s thinking on privacy guidance with the broader W3C community at the W3C Combined Technical Plenary and Advisory Committee meetings (TPAC) (27-31 October 2014).

PING has been allocated some time on the Friday (31 October 2014) for a meeting. PING could invite other groups to participate in a discussion during that time slot, but some participants may already be leaving as it is the last day. Other options might be a slot in the breakout sessions on the Wednesday (29 October 2014) and/or a slot in a “chairs gathering”.

Action: The chairs will follow this up and see what can be arranged.

(If you have other suggestions for how PING might use its time at TPAC, please let us know.)

=> Web and Mobile Interest Group (WebMob) [3]

Natasha (co-chair of WebMob) suggested that PING and WebMob have a discussion about the privacy-related aspects of their work.

Action: The chairs will follow up with Natasha.

=> Updates and discussion of some current work/action items

(a) Fingerprinting

Nick gave an overview of the draft Fingerprinting Guidance for Web Specification Authors [4] and invited feedback. This sparked a general discussion about the extent to which the W3C’s work (at large) touches the policy space. (In the context of fingerprinting, detectability may assist with policy enforcement.)

Action: Please review the draft and provide comments. Also, if you are doing an informal privacy review of a draft specification, please try using the draft fingerprinting guidance and share your feedback.

(b) Beacon API

At the last teleconference, Nick suggested that PING examine the privacy considerations of the Beacon API [5], which is being developed by the Web Performance Working Group. The document is at the Last Call Working Draft stage with comments due by 29 July 2014. Nick circulated some preliminary rough notes on the public-privacy email list [6].

One comment was that the current version of the specification does not have security considerations, and it should have both privacy and security considerations. Wendy, in her role, will be providing the WG with the feedback on the importance of a security review.

There was a suggestion that perhaps it could be useful to have a means for the user agent (UA) to view what data is transferred by the API (i.e. for detectability/auditability). However, there was also a comment that it may be difficult for UAs to show to the user that a request is happening that is hard to inspect.

Actions: If you have any outstanding comments on the draft specification, please send them in by 28 July 2014. PING needs to provide comments to the Web Performance WG by 29 July 2014.

(c) IndieUI: User Context 1.0

The IndieUI: User Context 1.0 [7] draft specification has received approval to transition to First Public Working Draft. PING members have been encouraged to review the Privacy Model.

Action: Please volunteer to help Joe review the Privacy Model of User Context 1.0 and share your comments on the public-privacy email list.

(d) Encrypted Media Extensions (EME)

Work is ongoing on the draft Encrypted Media Extensions (EME) specification [8]. PING has an outstanding privacy review.

Action: Wendy to follow up this item.

(e) HTML5 and WebRTC

We would like to find volunteers to review HTML5 and/or WebRTC and/or parts of these specifications for privacy considerations.

Action: Please volunteer to review and/or help us find other people who might be willing to assist.

Next call is at the usual time on 31 July 2014.

Christine and Tara

[1] http://lists.w3.org/Archives/Public/public-privacy/2014JulSep/0014.html

[2] http://lists.w3.org/Archives/Public/public-privacy/2014JulSep/0013.html

[3] http://www.w3.org/2013/07/webmobile-ig-charter.html

[4] https://w3c.github.io/fingerprinting-guidance/

[5] http://www.w3.org/TR/2014/WD-beacon-20140624/

[6] http://lists.w3.org/Archives/Public/public-privacy/2014JulSep/0003.html

[7] http://www.w3.org/TR/2014/WD-indie-ui-context-20140626/

[8] http://www.w3.org/TR/encrypted-media/
Received on Sunday, 27 July 2014 18:23:50 UTC