Re: [review] Performance APIs, Security and Privacy

Greg, thanks for the pointer, I was not aware of that questionnaire. Quick
question, it looks to be complimentary to [1] - is that right, or is the
goal to merge those two? I reference [1] in our note, and I'm wondering if
I should be linking to both or just one of them.

[1] https://www.w3.org/TR/fingerprinting-guidance/

On Tue, Jun 7, 2016 at 5:52 AM, Greg Norcie <gnorcie@cdt.org> wrote:

> Sorry for jumping the gun! The privacy questionaire is a pet project of
> mine, so I got excited about getting some real world feedback.
>
> I will review your note and get back to you shortly.
>
>
>
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
> /*******************************************/
>
> On Tue, Jun 7, 2016 at 6:21 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>
>> This is a group note specific to security and privacy of WebPerf, not
>> a spec, so the questionnaire may not exactly fit.
>>
>> On Mon, Jun 6, 2016 at 10:18 AM, Greg Norcie <gnorcie@cdt.org> wrote:
>> > Hi Ilya,
>> >
>> > In order to streamline the review process, PING has been developing a
>> > Privacy Questionnaire[1]
>> >
>> > If you or one of the members of your team could look through your
>> proposal
>> > using the questionnaire, we would greatly appreciate it.
>> >
>> > (And afterwards, I'd love to hear feedback on how useful the
>> questionnaire
>> > is or how it could be improved, and will be happy to help take a look
>> at any
>> > remaining issues.)
>> >
>> > Thanks for your help!
>> >
>> > [1] https://gregnorc.github.io/ping-privacy-questions/
>> >
>> >
>> > /********************************************/
>> > Greg Norcie (norcie@cdt.org)
>> > Staff Technologist
>> > Center for Democracy & Technology
>> > District of Columbia office
>> > (p) 202-637-9800
>> > PGP: http://norcie.com/pgp.txt
>> >
>> > /*******************************************/
>> >
>> > On Wed, Jun 1, 2016 at 5:10 PM, Ilya Grigorik <ilya@igvita.com> wrote:
>> >>
>> >> Hey all.
>> >>
>> >> Would love to hear any thoughts or comments on a note we've been
>> working
>> >> on over at webperf (for motivation, see [1]):
>> >>
>> >> "The fact that something is possible to measure, and may even be highly
>> >> desirable and useful to expose to developers, does not mean that it
>> can be
>> >> exposed as runtime JavaScript API in the browser, due to various
>> privacy and
>> >> security constraints. The goal of this document is to explain why that
>> is
>> >> the case and to provide guidance for what needs to be considered when
>> making
>> >> or evaluating a proposal for such APIs."
>> >>
>> >> https://w3c.github.io/perf-security-privacy/
>> >>
>> >> If you have any feedback, or spot any issues, please open an issue on
>> >> GitHub:
>> >> https://github.com/w3c/perf-security-privacy/issues
>> >>
>> >> Thanks!
>> >> ig
>> >>
>> >> [1]
>> https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
>> >
>> >
>>
>>
>>
>> --
>> Joseph Lorenzo Hall
>> Chief Technologist, Center for Democracy & Technology [
>> https://www.cdt.org]
>> 1401 K ST NW STE 200, Washington DC 20005-3497
>> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>
>
>

Received on Tuesday, 7 June 2016 16:47:30 UTC