- From: Christine Runnegar <runnegar@isoc.org>
- Date: Fri, 11 Sep 2015 05:07:30 +0000
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Thank you to Anssi Kostiainen, Mark Foltz and colleagues from the Second Screen Working Group for joining our call. Thanks to Mike O’Neill for acting as scribe!

Our next call will be on 17 September at the usual time.

* Presentation API privacy considerations

Anssi Kostiainen and Mark Foltz provided an overview of the working draft Presentation API [1], a Web API to make use of secondary displays to allow the display of a second piece of Web content. Basically, there are two steps involved: communicating what content is to be presented and discovering whether a screen is available. There are two modes: the API could send a URL to the user agent; or the browser could send a media stream. The API supports different media technologies (e.g. Mirrorcast, Airplay, WebRTC, Chrome Tab Mirroring). See [2] for use cases.

We discussed the four privacy issues raised in Francois Daoust’s email [3]. Issues are tracked in GitHub [4].

(a) Private mode browsing for the presenting context

Since the presenting device could be a shared device, the Second Screen WG would like to consider how to protect a user’s privacy where the device is subsequently used by another individual or individuals. (Note: communications between the controlling and presenting side must be confidential.)

The WG is considering something like private mode for browsers, but currently there is no standard for private mode. Note: the TAG is working on something along these lines, but it is not yet clear where this work will end up.

There seem to be two possible options: (i) render the content in the same browser or (ii) send the content to a different user agent. Option (i) appears preferable for user privacy and offers more consistent behaviour, which is more desirable for developers. So, the WG is considering requiring the presenting user agent to load the presentation URL in private mode.

Nick Doty inquired whether user privacy could be protected using login procedures and session cookies (e.g. Netflix approach), but Mark said the API is designed so that the login information is kept on the control side and messaging is used for the presentation side.

More details here: https://github.com/w3c/presentation-api/issues/45

(b) Fingerprinting and screen availability monitoring

Anssi explained that to provide a good user experience, the API needs to know whether it can present the content before asking the user. But, the API takes a Boolean approach – it queries – are there any screens available or not. It does not ask the number or other aspects of the displays. However, the presence (or not) of screens adds one bit of fingerprinting info.

Nick expressed the view that this Boolean approach is preferable to a more detailed query, and that the fingerprinting of this info should be relatively easily detectable, but it would be worth considering whether there is an alternate way to implement the API.

More details here: https://github.com/w3c/presentation-api/issues/9

(c) Security and privacy considerations

The WG is looking for guidance on the text for the security and privacy considerations.

In identifying these four privacy issues, the WG used Mike West’s proposed Self-Review Questionnaire: Security and Privacy, adopted as a working draft by the TAG [5]. PING welcomes feedback on the questionnaire: PING is currently working on a more detailed questionnaire [6] to complement the TAG’s work in this area.

More details here: https://github.com/w3c/presentation-api/issues/45

(d) Rejecting the promise when the user cancels the screen selection

If a user gets a prompt to use a screen and chooses cancel, the API knows. However, Nick queried the difference between “user rejected the request” and “user ignored the request”, noting that apps need to handle the situation where the user chooses to ignore the prompt in any case. Mark responded that some sites may want to pause the video and resume if the user accepts.

More details here: https://github.com/w3c/presentation-api/issues/20

Kudos to the Second Screen WG for their very thoughtful consideration of potential privacy issues as they are developing the specification.

The Second Screen WG is looking for feedback prior to their meeting at TPAC.

Additional note: Greg Norcie kindly volunteered to “road-test” the PING working draft privacy questionnaire with the Presentation API.

Action item: Please volunteer to help Greg with the privacy review.

* Update on privacy questionnaire and fingerprinting guidance

See notes above re privacy questionnaire. Please contribute via the wiki [6].

Nick will update the fingerprinting guidance document, with a view to publishing the final version as a Group Note.

* Next PING call

Our call is scheduled for 17 September 2015 at UTC 16. We will be discussing the Geofencing API.

Link to minutes: http://www.w3.org/2015/08/13-privacy-minutes.html

Christine and Tara

[1] http://www.w3.org/TR/presentation-api/
[2] https://github.com/w3c/presentation-api/blob/gh-pages/uc-req.md
[3] https://lists.w3.org/Archives/Public/public-secondscreen/2015Jul/0010.html
[4] https://github.com/w3c/presentation-api/issues/45
[5] https://w3ctag.github.io/security-questionnaire/
[6] PING’s work on security and privacy questionnaire - https://www.w3.org/wiki/Privacy_and_security_questionnaire
Received on Friday, 11 September 2015 05:08:08 UTC