Summary of TPAC 2016 PING meeting (20 September 2016, Lisbon)

Hello all,

Thanks again to all of you who participated in the PING TPAC meeting,
either in person or remotely. I’ve pulled together a summary of what was
discussed, including some future work items, to supplement the minutes that
can be found online at https://www.w3.org/2016/09/20-privacy-minutes.html

TPAC discussion topics:


* Mitigating Browser Fingerprinting in Web Specifications

Nick Doty gave an overview of this document [1] to the group (including its
structure and purpose) before discussing the open issues to be resolved.
Feedback from the TAG and PING identified items that are marked "pending
review" [2]; issues 11 and 13 were discussed. Issue 11 is on providing
hooks for instrumentation/detection of fingerprinting -- ways to make it
easier for browser extensions to reveal website activity. The conclusion
was that this is not something to include in this guidance document, given
that instrumentation is mostly implementation-specific, not Web-specific.
Issue 13 is on actionability -- how to make the document more readily
applied in practice. To date, we’ve had a few people use this document, but
could dig further to see how useful it has been. Also this could be tied in
with the privacy questionnaire; they are two separate documents but they
could be integrated more (e.g., with relevant elements from fingerprinting
guidance surfaced in the event that this consideration arises in the
privacy questionnaire). After further discussion, Nick noted it would be
useful to close out the “pending-review” items, solicit some additional
feedback from other groups, and to get this document in a note by the end
of the year.


* PING privacy questionnaire

Christine Runnegar led discussion of the privacy questionnaire [3], which
was developed to help authors to identify and address privacy implications
of their specifications. The TPAC meeting was spent in reviewing the
current state of the document and identifying items for future work, with
the goal being a working draft by the end of the year. The challenge is
produce a questionnaire with enough guidance to be helpful, without it
being overwhelming. One proposal was that those with security expertise
could try to draft a questionnaire as a starting point; Joe Hall and Kepeng
Li volunteered to do this. A process item was raised: we may need to
determine at what stage of spec development the privacy considerations
would be expected to be included; this could be discussed with Ralph Swick
(W3C). As for concrete work, it was suggested that we could combine the TAG
and PING questionnaires and begin with a “high-level” overview (suggested
by Mike West) followed by more detailed sections.


* Privacy Protection Principles

Kepeng Li sent a message to the PING mailing list on privacy protection
principles [4], to help in furthering privacy discussions, which he
presented to the group. The discussion highlighted how there were several
related works (e.g., OECD privacy guidelines, US FIPPs) that provide
foundational principles; this may not be the right document to develop
through PING. However, it is possible that some parts of this document may
be useful for the privacy questionnaire; Kepeng will explore this avenue.


* Terminology discussion

As part of a mailing list discussion about documentation, Joe Hall asked
whether a standardized privacy vocabulary would be useful in our work [5].
There are words that we may need to define in order have consistency and
clarity (e.g., “spoof”; “randomize”). This need not be exhaustive but a
basic list might be helpful; there was general support for creating such a
list and hosting it on a wiki or GitHub.


* Planning next year's work

TPAC provided a great opportunity for planning what PING should be engaged
with over the next year. We have already identified work we need to
complete on documents (e.g., group notes) as well as conducting regular
reviews, but this was an opportunity to identify additional items.  A
number of ideas were floated at the IETF F2F meeting [6], which were used
as a starting point for the TPAC discussion.


   -

   Privacy/incognito mode: there have been various discussions both within
   and outside the W3C (e.g., “privacy mode” [7]) about the different
   interpretations of this concept. Many different aspects of user privacy
   have been conflated under this umbrella, leading to much confusion. There
   was interest within the group for finding ways to improve the situation
   (e.g., developing a document); David Singer volunteered to spearhead this
   work.


   -

   Data gathering on privacy-violating techniques: given the state of
   sophistication of the web, where advances in techniques (like
   fingerprinting) can move quickly, it may be helpful to have a means for
   collecting relevant research in one place for reference. This might also
   include (where possible) information about large-scale behaviours (e.g.,
   user behaviours), as this data is used to motivate and direct
   privacy-focused work in the Web space.
   -

   Making privacy reviews more systematic: this was an item raised by Joe
   Hall, who was trying to find ways to improve PING’s overall process. There
   was discussion of the ways in which the TAG carries out reviews, as
   possible model; there is a need to ensure things remain scalable. It may be
   helpful to streamline the process by which reviews are requested (in
   general); following the GitHub repository for spec reviews [8] might
   provide a means for keeping basic track of items.


[1] https://github.com/w3c/fingerprinting-guidance

[2] https://github.com/w3c/fingerprinting-guidance/issues/

[3] https://github.com/w3c/ping/blob/master/privacy-questions.html

[4] https://www.w3.org/wiki/Privacy/Privacy_protection_principles

[5] https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0038.html

[6] https://lists.w3.org/Archives/Public/public-privacy/2016JulSep/0018.html

[7] https://gist.github.com/mnot/96440a5ca74fcf328d23

[8] https://github.com/w3ctag/spec-reviews/issues/