W3C home > Mailing lists > Public > public-privacy@w3.org > April to June 2017

Re: PING summary - 23 March 2017

From: Renato Iannella <ri@semanticidentity.com>
Date: Wed, 26 Apr 2017 12:33:35 +1000
Message-Id: <57F727CC-7EA9-45A5-891B-CA260675ADEB@semanticidentity.com>
Cc: POE Comment list <public-poe-comments@w3.org>
To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>

> On 13 Apr 2017, at 21:11, Christine Runnegar <runnegar@isoc.org> wrote:
> 
> (3) Request for PING review of ODRL Information Model and ODRL Vocabulary & Expression
> 
> https://www.w3.org/TR/odrl-model/
> https://www.w3.org/TR/odrl-vocab/
> 
> There may be a potential to fingerprint based on the intersection of policy settings. A question was also raised as to whether it could be used to capture keystrokes secretly (e.g. via a hidden input field). But, the specification does not log actual keys, it does post-processing; events after text to add/remove has been generated. So, the answer is probably no. There are a series of events after text entry, e.g. events to edit or modify the text (such as add or remove). Use case - people who edit content on Github, blogs, etc.
> 
> We need more information from the spec experts.


Dear PING, the POE WG discussed this at our last teleconference [1].

The ODRL specs are aimed at expressing policies, and hence are not impacted by keystroke logging.

We were not clear on the comment/impact on “fingerprinting”.

We would be happy to answer any followup questions.

Cheers...
Renato Iannella

[1] https://www.w3.org/2017/04/24-poe-minutes <https://www.w3.org/2017/04/24-poe-minutes>
Received on Wednesday, 26 April 2017 02:34:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 26 April 2017 02:34:20 UTC