- From: Greg Norcie <gnorcie@cdt.org>
- Date: Sun, 3 Apr 2016 13:35:40 -0400
- To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7aYYZhZ9vZdZ4wj21a7kVqsRC_Q0U=WkEHXaoEvCARQaw@mail.gmail.com>
On Fri, Apr 1, 2016 at 2:46 PM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com> wrote:

> Hi Greg,
>
> Please find my response in the quoted text.
>
> 2016-03-30 14:04 GMT+02:00 Greg Norcie <gnorcie@cdt.org>:
>
>> Hi Lukasz,
>>
>> I took an initial look at your report. Before I start giving specific
>> feedback, could you fill me in a little on your goals for this document? Is
>> this meant to be a comprehensive list of privacy concerns in the APIs it
>> mentions, or a more general case study of privacy concerns?
>>
>
> Thanks!
>
> So my goal was to have a more-or-less actionable document describing some
> general and some specific issues related to sensors. It was meant as an
> input for privacy considerations of generic sensors API.
> But I am also open to transforming it somehow, or making it larger, or
> even transforming it into a standard W3C note/etc, if there would be an
> interest and should this be adequate - and if that is what you are
> suggesting? But in this case I am not familiar with the formal way of doing
> so.
>
>>
>> Any sort of "report" on a specific set of issues will quickly go out of
>> date - however a more general case study, where standards writers can see
>> some real examples of API privacy failures could be a great tool to help
>> people threat model.
>>
>
> I understand this concern, thanks. I tried to keep the general parts,
> quite general.
> As per API failure, perhaps we could use the battery one as a blueprint?
>
>>
>> You might want to consider re-organizing so that it's less of an Intro ->
>> Discussion -> Conclusion format to something a little less scientific, with
>> more of a focus on describing the standards, their privacy issues, the
>> impacts of those issues, and maybe a concluding section helping non-privacy
>> experts spot the common themes.
>>
>
> Interesting thought. I aimed at doing this indeed, but the current standards
> are still largely drafts. But in any specific section relating to those
> drafts, a short description and a reference is present.
> Hopefully quite general privacy issues (e.g. in case of ambient light
> events...) are useful as well.
>
> Finally, the result of my thinking was to highlight the lack of
> transparency/UI. There seems to be no guidance in this region, whatsoever.
>

Yes, there is definitely an issue there. But in the past has W3C laid out UI details?

> Best regards
> Lukasz Olejnik
Received on Sunday, 3 April 2016 17:36:27 UTC