- From: Tara Whalen <tjwhalen@gmail.com>
- Date: Thu, 24 Mar 2016 00:49:50 -0700
- To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CA+T70Aj0LcbXAOCNxGNypQ5QF66hZXXAcjrDUgfCqaLUjU93iw@mail.gmail.com>
PING – informal chairs summary – 25 February 2016 Thank you to Stefan Håkansson (WebRTC WG) and Frederick Hirsch (Device APIs WG) for joining our call. Thanks to Nick Doty for acting as scribe. Our next call will be on 24 March 2016 at the usual time. * Web RTC 1.0 The WebRTC Working Group is working toward publishing the WebRTC 1.0 specification to Candidate Recommendation [1] and asked PING for input on privacy aspects [2], including privacy considerations and the risks associated with exposing IP addresses as part of the establishment of the P2P connection. At the time of the PING call, the WG anticipated that Candidate Recommendation status was at least a couple of months away, but the group is working hard to make progress. Discussion during the call identified a number of questions to resolve, which have been summarized and sent to the WG for resolution. In brief, the items to be addressed focused on providing more detailed background on how issues were address or mitigated (e.g., the rationale underlying specific decisions); leakage of information such as local IP addresses or device IDs; and user-focused issues such as how to give effective notifications (e.g., about where data is going), which indicators should be part of the user agent, and how to handle revocation of permissions. * Vibration API The Device APIs WG are considering proposing a revision of the Vibration API, including a possible section on Security and Privacy [3], and reached out to PING for input [4]. The initial concerns raised were that device vibration can be detected (e.g., with motion sensors) and used for fingerprinting, and that a device can be made to vibrate as a means of detection. Further discussion brought up the parallels with previous discussion on the Ambient Light Events review [5] -- specifically, if we can find a way to detect that this is happening and alert the user, the this might act as a mitigation. There was also further focus on cross-device tracking as a risk, with the result that this would be brought back to the WG for discussion. * Privacy Questionnaire A reminder that Greg Norcie has ported the Privacy Questionnaire over to GitHub [6] to make collaboration and contributions easier, and hopes that we can use this document for addressing some of the more difficult privacy questions (e.g., notice and consent). * Next call 24 March 2016 at UTC 17 Christine and Tara [1] https://www.w3.org/TR/2016/WD-webrtc-20160128/ [2] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0007.html [3] https://github.com/anssiko/vibration/commit/48489c54e0b7ed80900e0906fa79803c8fa77069 [4] https://lists.w3.org/Archives/Public/public-privacy/2016JanMar/0016.html [5] https://www.w3.org/TR/ambient-light/ [6] https://github.com/gregnorc/ping-privacy-questions
Received on Thursday, 24 March 2016 07:50:26 UTC