Re: Privacy report on sensors, for generic sensors API. from Lukasz Olejnik (W3C) on 2016-03-29 (public-privacy@w3.org from January to March 2016)

From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
Date: Tue, 29 Mar 2016 16:34:44 +0200
To: norcie@cdt.org
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, W3C Device APIs WG <public-device-apis@w3.org>
Message-ID: <CAC1M5qr8_Vt6ZjqSpn1c6-u_1Y3Gp+crE4dPNoCzHtGpn7CPGw@mail.gmail.com>

Hi Greg,

No timeline, take your time.

But I'm looking forward to feedback, hopefully we might bake something good
and perhaps not entirely expected ;)

Best
Lukasz

2016-03-29 16:21 GMT+02:00 Greg Norcie <gnorcie@cdt.org>:

> Hi Lukasz,
>
> Thanks for reaching out, we really appreciate it. We're happy to help.
>
> Do you have a timeline for when you'll need comments by?
>
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
>
>
> *CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
> more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
> /*******************************************/
>
> On Tue, Mar 29, 2016 at 5:49 AM, Lukasz Olejnik (W3C) <
> lukasz.w3c@gmail.com> wrote:
>
>> Dear all!
>>
>> I am working on a sensors privacy (impact, risk, ...) assessment for a
>> while now. And I think now it has little sense to withhold it for any
>> longer, as most of the work I did some time ago, anyway.
>>
>> It is primarily intended for Devis APIs WG (DAP), with whom I have the
>> pleasure to work on the privacy aspects of sensors API.
>>
>> I invite you to take a look on the document [1]. I hope it will be
>> useful, and I primarily hope this can be an appropriate starting input in
>> privacy considerations of sensors.
>> Often, as indicated in the PDF report, even perhaps far-fetched scenarios
>> are considered. Same for cross-device risks, where plausible scenario could
>> be pointed to.
>>
>> As advised in private correspondence with (and by), Tobie Langel (DAP),
>> it would be good if specific pull(s) request(s) follow. I'll look into that
>> next.
>>
>> Also of note. It is not included in the PDF (should it?), but I believe
>> it is worthy to require a secure (i.e. TLS) connection for having access to
>> sensors ('secure contexts') - all of them, generically and just like that.
>> I can't imagine a scenario where this could cause any issues, apart from
>> the need to set up a TLS, that is.
>>
>> I also highlight my view and want to ask a question. Can W3C give
>> guidance/recommendation/note regarding the transparency UIs (sometimes
>> called "privacy user interface")? A method for a straight-forward
>> user-verification of: what/how was being used, how frequent, etc.
>>
>> Please, enjoy ;-)
>>
>>
>> Best regards
>> Lukasz Olejnik
>>
>> [1] http://lukaszolejnik.com/SensorsPrivacyReport.pdf
>>
>>
>>
>

Received on Tuesday, 29 March 2016 14:35:15 UTC