Re: Privacy report on sensors, for generic sensors API.

Hi Greg,

Please find my response in the quoted text.

2016-03-30 14:04 GMT+02:00 Greg Norcie <gnorcie@cdt.org>:

> Hi Lukasz,
>
> I took an initial look at your report. Before I start giving specific
> feedback, could you fill me in a little on your goals for this document? Is
> this meant to be a comprehensive list of privacy concerns in the APIs it
> mentions, or a more general case study of privacy concerns?
>

Thanks!

So my goal was to have a more-or-less actionable document describing some
general and some specific issues related to sensors. It was meant as an
input for privacy considerations of generic sensors API.
But I am also open to transforming it somehow, or making it larger, or even
transforming it into a standard W3C note/etc, if there would be an interest
and should this be adequate - and if that is what you are suggesting? But
in this case I am not familiar with the formal way of doing so.



>
> Any sort of "report" on a specific set of issues will quickly go out of
> date - however a more general case study, where standards writers can see
> some real examples of API privacy failures could be a great tool to help
> people threat model.
>

I understand this concern, thanks. I tried to keep the general parts quite
general.
As per API failure, perhaps we could use the battery one as a blueprint?


>
> You might want to consider re-organizing so that it's less of an Intro ->
> Discussion -> Conclusion format to something a little less scientific, with
> more of a focus on describing the standards, their privacy issues, the
> impacts of those issues, and maybe a concluding section helping non-privacy
> experts spot the common themes.
>

Interesting thought. I aimed to do this indeed, but the current standards
are still largely drafts. But in any specific section relating to those
drafts, a short description and a reference is present.
Hopefully quite general privacy issues (e.g. in case of ambient light
events...) are useful as well.

Finally, the result of my thinking was to highlight the lack of
transparency/UI. There seems to be no guidance in this region whatsoever.

Best regards
Lukasz Olejnik



Received on Friday, 1 April 2016 18:46:52 UTC