- From: Chaals Nevile <chaals@yandex.ru>
- Date: Fri, 25 May 2018 09:42:05 +0200
- To: public-privacy@w3.org
- Message-ID: <op.zjj7ofiwnd6f5a@ordhord.home>
On Fri, 25 May 2018 00:21:31 +0200, Nick Doty <npdoty@ischool.berkeley.edu> wrote:

> Hi Privacy-interested colleagues,
>
> We talked briefly about the HTML 5.3 spec at our call this month and the prospect of providing privacy review or feedback by the requested deadline of May 25th (GDPR Day! tomorrow!). I'm trying to work through the changes that seem most relevant to privacy.

If it helps, providing comments on Monday should be fine.

> While I'm working on that, I have written up some comments on the a ping attribute which has resurfaced in this draft. Comments are included below -- I would welcome any feedback before we share directly with the HTML WG. I can just provide comments on an individual basis since we're very close to the deadline and I don't expect to be able to gather the consensus of everyone who might participate in this Interest Group, but I still wanted to have a chance to get your review if you happen to have additional ideas.

I think your comments on the ping attribute should be filed, and wearing my privacy IG member hat, I would welcome sending them as group comments.

cheers

Chaals

>
> Cheers,
> Nick
>
> ---
>
> Via https://github.com/w3c/html/issues/369 it looks like the ping attribute has re-appeared.
>
> When this was discussed in the past, I believe privacy concerns were specifically cited as a reason not to include this in the updated HTML5 spec, but it seems to have gone ahead on this draft, based on increased implementation experience.
>
> When it was discussed with the Privacy Interest Group in April 2017, a specific comment was noted:
>> Note that if we have a requirement that user agents clarify to the user that the link will ping other sites, we need to test whether that happens in real implementations.
> That concern stands.
>
> Here is the relevant text from the spec (present in both WHATWG HTML and HTML 5.3 WD):
>> user agents should make it clear to the user that following the hyperlink will also cause secondary requests to be sent in the background.
> Has anyone tested the real implementations to verify that user agents clarify to the user that the link will also cause secondary requests to be sent in the background? In my quick checks on current versions of Chrome and Safari on Mac OS clicking on links from a google.com search results page, I couldn't determine that secondary requests were being sent in the background short of opening the network inspector and observing HTTP POST requests. I trust that we don't believe that is "clear to the user". (The spec includes an example suggesting use of a tooltip; I'm not sure that's very clear either, but I haven't seen that in existing implementations anyway.) Do others have tests/screenshots/etc. documenting implementations that fulfill this requirement?
>
> Indeed, the question of implementing the clarity requirement was raised in 2007, with the suggestion that if sufficient UI wasn't being implemented within a year, then the feature should be revisited:
> https://lists.w3.org/Archives/Public/public-html/2007Nov/0055.html
>
> If there haven't been compliant implementations developed in the past 10 or 11 years, then I question whether there is sufficient implementation experience or whether implementers believe that feasible UI is possible to meet that requirement.
>
> I believe there are good motivations for the ping attribute feature in a way that could help user privacy. However, I think we need to be cautious about a feature where the privacy UI hasn't been developed for this long. Indeed, this might be a step backward in transparency for end users, who in some cases now can no longer use the status bar to observe that they're being redirected through a tracking link, and might conclude that tracking isn't happening, that they're navigating to a site by clicking a link without any background communications. In neither browser I tested could I find a setting to disable sending these background requests, as was proposed as an advantage of the feature.
>
> If implementers believe that the clarity requirement is actually unnecessary and that it's still better for user privacy, that would be a separate question to discuss. That approach might better match the reality of implementations, but I'm not sure what the privacy advantage is if users have neither awareness nor control of background tracking requests.
>
>> On Apr 26, 2018, at 5:31 AM, Léonie Watson <tink@tink.uk> wrote:
>>
>> Hello Privacy,
>>
>> We would welcome your review of HTML5.3 [1].
>>
>> To help make your review easier, we have produced a changelog that contains all substantive changes made since HTML5.2 [2]. Please also note that there are features marked "at risk", documented in the Status.
>>
>> If there are any issues arising from your review, please file them on the HTML Github repo [3], and apply the "wide review" and "privacy" labels to each issue. This will help us track your issues and ensure we respond accordingly.
>>
>> We would appreciate your feedback no later than Friday 25th May 2018.
>> Thank you.
>>
>> Léonie on behalf of the HTML Editors and WebPlat Chairs.
>>
>> [1] https://www.w3.org/TR/html53/
>> [2] https://www.w3.org/TR/html53/changes.html#changes
>> [3] https://github.com/w3c/html/issues/new/
>>
>> --
>> @LeonieWatson @tink@toot.cafe Carpe diem
>>
>

--
Chaals: Charles (McCathie) Nevile find more at https://yandex.com
Using Opera's long-abandoned mail client: http://www.opera.com/mail/
Is there really still nothing better?

Received on Friday, 25 May 2018 07:42:47 UTC