Re: Privacy report on sensors, for generic sensors API. from Greg Norcie on 2016-04-03 (public-privacy@w3.org from April to June 2016)

From: Greg Norcie <gnorcie@cdt.org>
Date: Sun, 3 Apr 2016 13:35:40 -0400
To: "Lukasz Olejnik (W3C)" <lukasz.w3c@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <CAMJgV7aYYZhZ9vZdZ4wj21a7kVqsRC_Q0U=WkEHXaoEvCARQaw@mail.gmail.com>

On Fri, Apr 1, 2016 at 2:46 PM, Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
wrote:

> Hi Greg,
>
> Please find my response in the quoted text.
>
> 2016-03-30 14:04 GMT+02:00 Greg Norcie <gnorcie@cdt.org>:
>
>> Hi Lukasz,
>>
>> I took an initial look at your report. Before I start giving specific
>> feedback, could you fill me in a little on your goals for this document? Is
>> this meant to be a comprehensive list of privacy concerns in the APIs it
>> mentions, or a more general case study of privacy concerns?
>>
>
> Thanks!
>
> So my goal was to have a more-or-less actionable document describing some
> general and some specific issues related to sensors. It was meant as an
> input for privacy considerations of generic sensors API.
> But I am also open on transforming it somehow, or making it larger, or
> even transforming it in a standard W3C note/etc, if there would be an
> interest and should this be adequate - and if that is what you are
> suggesting? But in this case I am not familiar with the formal way of doing
> so.
>
>
>
>>
>> Any sort of "report" on a specific set of issues will quickly go out of
>> date - however a more general case study, where standards writers can see
>> some real examples of API privacy failures could be a great tool to help
>> people threat model.
>>
>
> I understand this concern, thanks. I tried to keep the general parts,
> quite general.
> As per API failure, perhaps we could use the battery one as a blueprint?
>
>
>>
>> You might want to consider re-organizing so that it's less of an Intro ->
>> Discussion -> Conclusion format to something a little less scientific, with
>> more of a focus on describing the standards, their privacy issues, the
>> impacts of those issues, and maybe a concluding section helping non-privacy
>> experts spot the common themes.
>>
>
> Interesting thought. I aimed doing this indeed, but the current standards
> are still largely drafts. But in any specific section relating to those
> drafts, a short description and a reference is present.
> Hopefully quite general privacy issues (e.g. in case of ambient light
> events...) is useful as well.
>
> Finally, the result of my thinking was to highlight the lack of
> transparency/UI. There seem to be no guidance in this region, whatsoever.
>
>
Yes, there is definitely an issue there. But in the past has W3C laid out
UI details?



> Best regards
> Lukasz Olejnik
>
>
>>
>>
>>

Received on Sunday, 3 April 2016 17:36:27 UTC