- From: Pete Snyder <psnyder@brave.com>
- Date: Tue, 12 Feb 2019 17:31:35 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi Mark! > I'm sorry it seems bananas to you, and likewise apologise if closing the issue seemed curt. Apologies for “bananas" on my part too. That was not useful or productive :) > We want to make the WG as welcoming as possible, but realise that requests for background information / data puts the burden for resolving your request upon others. Generally, people are expected to get themselves up to date with the discussion (in the issues lists, mailing lists and meeting minutes) and ask questions when they can't find answers there. I understand your point here, but I’m not sure I agree with the framing. (Not making any attempt to speak for others) the proposal here is one that has worrying privacy implications; it at least involves increases the risk to user’s privacy (otherwise, there would be no need to have the privacy concerns section in the doc). The unavoidable question then whether (to some approximation) the increased privacy risk comes with a significant, offsetting benefit to users. Data for such is all thats being asked for here. If there is a privacy risking change being proposed to the current platform, asking the authors to justify / motivate making the change in the common case (and not just for a very small number of web participants) seems quite reasonable! I don't know if that counts as a burden to standard makers, but it doesn’t seem unreasonable. Or, if such data doesn’t exist, that would also be very useful to know :) > Such general questions are more appropriate on the mailing list because the working group needs to keep some discipline over its issues list. If issues were a way for people to ask for general / background information on our specs, our issues list would quickly become unfit for its primary purpose -- discussing issues with the specifications we're developing. In particular, I (as WG chair) have a strong interest in protecting my editors (who are inevitably time-poor) from an overly large issues list, as that tends to remove their motivation to contribute. I read through what I could find on CH on the GH issues, and from the documents that have been shared with PING. The other folks on the PING call last week were similarly unfamiliar with any related data. If it exists and I over looked it, I sincerely apologize for the annoyance and error, but scouts honor I was unable to find anything about the web scale benefit s(as opposed to a very small number of use cases that at least don’t self-evidently generalize across the web) of this change in the common locations. > In this particular case, I suspect you may not get a satisfying answer to your question, because it's so broad. If you'd like to raise an issue asserting that CH is privacy-damaging in some specific aspect, please do so. I’ve opened an issue, but the concern here is slightly different. My question here is “what are the upsides that motivate introducing privacy risk”, rather than “here is an example of another way this is risky”. Best, Pete > Cheers, > > > >> On 13 Feb 2019, at 10:17 am, Pete Snyder <psnyder@brave.com> wrote: >> >> As follow up, the second issue (https://github.com/httpwg/http-extensions/issues/768) was just closed. The suggestion seems to be that questions regarding “is this a good idea” or “how do we know if this is a good idea” are not appropriate for GH issues… >> >> This seems bananas to me. If others would like to push back, please follow up on the comment. >> >> In the meantime, I will send a similar request out to ietf-http-wg@w3.org >> >>> On Feb 12, 2019, at 2:41 PM, Pete Snyder <psnyder@brave.com> wrote: >>> >>> Hi Charles, >>> >>> Thanks for the links. My confusion came from that there doesn’t seem to be (or, maybe, just isn’t) a way to open issues specifically about CH. >>> >>> In the meantime though, I’ve opened issues in the larger `http-extensions` repo addressing the discussed issues: >>> >>> * CH, Logging and passive tracking / fingerprinting >>> https://github.com/httpwg/http-extensions/issues/767 >>> >>> * Data motivating CH ? >>> https://github.com/httpwg/http-extensions/issues/768 >>> >>> Best, >>> Pete >>> >>> P.S. Thank you for catching that my text was cut off yesterday. I only meant to say “Brave is unlikely to implement any of this stuff.” >>> >>> >>>> On Feb 12, 2019, at 2:35 AM, Charles 'chaals' (McCathie) Nevile <chaals@yandex.ru> wrote: >>>> >>>> Assuming CH == Client Hints, I think the repo you want to file issues in is https://github.com/httpwg/http-extensions/labels/client-hints >>>> >>>> Otherwise write to the HTTPWG with your feedback - or I can introduce you to one of the chairs who can probably help you out further. >>>> >>>> cheers >>>> >>>> Chaals >>>> >>>> On Tue, 12 Feb 2019 01:35:24 +0100, Pete Snyder <psnyder@brave.com> wrote: >>>> >>>>> Hey folks, >>>>> >>>>> Just following up on discussed items from last week. This will be my first time opening issues against a proposed standard, so would appreciate some mild handholding :) >>>>> >>>>> TODO #1 >>>>> — >>>>> Open issues regarding privacy implications of moving JS features to CH headers (screen size, color depth, etc.) related to logging. >>>>> >>>>> I’m having difficulty finding the right place to open these issues, as they’re mentioned in the IETF spec[1], but no similar place in GH. The closest I can find is Chromium people talking to Chromium people in fetch here [2]. >>>>> >>>>> Done anyone have any suggestion / advice on the best place to formally bring these comments. FWIW Brave is pretty 100% in the c >>>>> >>>>> >>>>> TODO #2 >>>>> — >>>>> Ask the CH folks for data that shows there are broad use cases for the headers? >>>>> >>>>> Again, I would greatly appreciate any suggestions on the most fruitful place to add these, as currently it seems to be in a dozen places. If others have suggestion, I would greatly appreciate it :) >>>>> >>>>> >>>>> Refs >>>>> --- >>>>> 1: https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-06#section-6.4 >>>>> 2: https://github.com/whatwg/fetch/pull/725 >>>> >>>> >>>> -- >>>> Using Opera's mail client: http://www.opera.com/mail/ >>>> >>> >> >> > > -- > Mark Nottingham https://www.mnot.net/ >
Received on Wednesday, 13 February 2019 01:32:04 UTC