W3C home > Mailing lists > Public > public-privacy@w3.org > April to June 2016

Re: [review] Performance APIs, Security and Privacy

From: Christine Runnegar <runnegar@isoc.org>
Date: Tue, 7 Jun 2016 23:17:42 +0000
To: "norcie@cdt.org" <norcie@cdt.org>
CC: Ilya Grigorik <ilya@igvita.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <391B5838-353F-4CE0-B213-D0DF93EFA8B8@isoc.org>
Dear Ilya,

Thank you for bringing this work to the attention of PING.

Our next monthly call will be on Thursday 23 June 2016 at UTC 16. Would you like to join us to discuss the draft Working Group Note?

Kind regards,
Christine (PING co-chair)

> On 7 Jun 2016, at 11:05 AM, Greg Norcie <gnorcie@cdt.org> wrote:
> 
> Hi Ilya,
> 
> Thanks for asking! 
> 
> Yes, it is meant to be complimentary. We at PING often have people come to us for reviews of new standards, and the goal of the quiz is to empower standards writers who may not have a privacy background to do an initial privacy review to spot some of the more common issues (including, but not limited to) fingerprinting present in a spec.
> 
> 
> 
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
> 
> /*******************************************/
> 
> On Tue, Jun 7, 2016 at 12:46 PM, Ilya Grigorik <ilya@igvita.com> wrote:
> Greg, thanks for the pointer, I was not aware of that questionnaire. Quick question, it looks to be complimentary to [1] - is that right, or is the goal to merge those two? I reference [1] in our note, and I'm wondering if I should be linking to both or just one of them.
> 
> [1] https://www.w3.org/TR/fingerprinting-guidance/
> 
> On Tue, Jun 7, 2016 at 5:52 AM, Greg Norcie <gnorcie@cdt.org> wrote:
> Sorry for jumping the gun! The privacy questionaire is a pet project of mine, so I got excited about getting some real world feedback.
> 
> I will review your note and get back to you shortly.
> 
> 
> 
> 
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
> 
> /*******************************************/
> 
> On Tue, Jun 7, 2016 at 6:21 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> This is a group note specific to security and privacy of WebPerf, not
> a spec, so the questionnaire may not exactly fit.
> 
> On Mon, Jun 6, 2016 at 10:18 AM, Greg Norcie <gnorcie@cdt.org> wrote:
> > Hi Ilya,
> >
> > In order to streamline the review process, PING has been developing a
> > Privacy Questionnaire[1]
> >
> > If you or one of the members of your team could look through your proposal
> > using the questionnaire, we would greatly appreciate it.
> >
> > (And afterwards, I'd love to hear feedback on how useful the questionnaire
> > is or how it could be improved, and will be happy to help take a look at any
> > remaining issues.)
> >
> > Thanks for your help!
> >
> > [1] https://gregnorc.github.io/ping-privacy-questions/
> >
> >
> > /********************************************/
> > Greg Norcie (norcie@cdt.org)
> > Staff Technologist
> > Center for Democracy & Technology
> > District of Columbia office
> > (p) 202-637-9800
> > PGP: http://norcie.com/pgp.txt
> >
> > /*******************************************/
> >
> > On Wed, Jun 1, 2016 at 5:10 PM, Ilya Grigorik <ilya@igvita.com> wrote:
> >>
> >> Hey all.
> >>
> >> Would love to hear any thoughts or comments on a note we've been working
> >> on over at webperf (for motivation, see [1]):
> >>
> >> "The fact that something is possible to measure, and may even be highly
> >> desirable and useful to expose to developers, does not mean that it can be
> >> exposed as runtime JavaScript API in the browser, due to various privacy and
> >> security constraints. The goal of this document is to explain why that is
> >> the case and to provide guidance for what needs to be considered when making
> >> or evaluating a proposal for such APIs."
> >>
> >> https://w3c.github.io/perf-security-privacy/
> >>
> >> If you have any feedback, or spot any issues, please open an issue on
> >> GitHub:
> >> https://github.com/w3c/perf-security-privacy/issues
> >>
> >> Thanks!
> >> ig
> >>
> >> [1] https://lists.w3.org/Archives/Public/public-web-perf/2016Apr/0010.html
> >
> >
> 
> 
> 
> --
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> 1401 K ST NW STE 200, Washington DC 20005-3497
> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> 
> 
> 
Received on Tuesday, 7 June 2016 23:18:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:33 UTC