
Beacon updates

From: Nick Doty <npdoty@ischool.berkeley.edu>
Date: Thu, 21 Jan 2016 17:16:13 -0800
Message-Id: <1F87DC20-01EA-4470-AC03-516FF0A27892@ischool.berkeley.edu>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>

Hi PING,

A quick update. Since our review back in 2014 [1], and repeated discussion at TPAC 2015, the Web Perf group has made substantial changes to the Beacon spec. I believe these changes simplify and clarify the spec [2] and also mitigate the distinct privacy and security concerns we raised. Good work all around.

One open issue [3]: I've suggested that the spec explicitly note the privacy implication that Beacon can be used to send telemetry/analytics data back to the server (data which might be privacy sensitive or not expected by the user) and that since the data might be sent just after the page is closed, the activity will be less visible to the user. Given that current methods accomplish the same data transfer but at the cost of slowing navigations by blocking unload, I think the argument that this trade-off is good for the user makes a lot of sense; I've just suggested that it be explicitly noted.

If PING feels differently from me on that, please do speak up; I don't want to misrepresent you. It would also be useful to have a general guideline for when certain kinds of trade-offs make sense, or what levels of privacy consideration should be documented in a spec.

Cheers,
Nick


[1] https://lists.w3.org/Archives/Public/public-web-perf/2014Jul/0109.html
[2] https://w3c.github.io/beacon/
[3] https://github.com/w3c/beacon/issues/17


Received on Friday, 22 January 2016 01:16:40 UTC
