- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Mon, 15 Oct 2018 11:23:17 -0400
- To: "Jason A. Novak" <jnovak@apple.com>, public-privacy@w3.org
- Cc: Samuel Weiler <weiler@w3.org>, Tara Whalen <tjwhalen@google.com>, Nick Doty <npdoty@ischool.berkeley.edu>, Christine Runnegar <runnegar@isoc.org>, Hannah Quay-de la Vallee <hannah@cdt.org>
Thanks Jason and tf, great progress! On 10/15/2018 10:47 AM, Jason A. Novak wrote: > We’re in the home stretch of our group review of the Security & Privacy Questionnaire! > > Here’s the current status by section: > - Introduction and How To Use: Our edits have been accepted by the TAG and merged into master <https://github.com/w3ctag/security-questionnaire/pull/39>. > - Questions to Consider: This morning, I finalized our edits and sent to the TAG for review <https://github.com/w3ctag/security-questionnaire/pull/41> and incorporation into master. > - Mitigation Strategies: Took proposed edits from the small group and make a PR for our internal review <https://github.com/jasonanovak/security-questionnaire/pull/14>. In light of the conversation last week on device memory and JS v header invocation, is it worth considering a mitigation of the form "require usage to be observable or auditable"? For example, even if a feature's activation or use gives no specific warning to the end-user, it might be observable by the user, by third-party tools operating on the user's behalf, or by observers/analysts doing web crawls or investigations at an ecosystem level. Features with anticipated privacy impacts should make their use detectable. --Wendy > > If folks could please review the Mitigation Strategies edits developed by the small group <https://github.com/jasonanovak/security-questionnaire/pull/14> by this Friday, I would appreciate it and then I’ll send it to the TAG for incorporation in the master document so that by TPAC we have a revised (or mostly revised) document. > > Best, > Jason > -- Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) Strategy Lead, World Wide Web Consortium (W3C) https://wendy.seltzer.org/ +1.617.863.0613 (mobile)
Received on Monday, 15 October 2018 15:23:23 UTC