Re: Proposed W3C Charter: Privacy Interest Group (PING) (until 2019-08-04)

The Formal Objection was in regards to the IG charter.  In particular, we
asked that a formal deliverable be added to formalize the model of privacy
and privacy threats.  Jeffrey's proposal can be a good starting point for
that, certainly, but I think this should work like the TAG's Design
Principles - it's a living guidance document, and it should make it clear
what is being assessed by the PING review process.  If new types of privacy
concerns arise, they should be added to the document.

I'm afraid I can't comment on the resolution (or not) of the FO, as it's
being addressed by the W3C in member-confidential space (and this is a
public mailing list).  The only comment I'd make at this point is that I
don't think this should impede any work the IG is currently doing, and I
expect this to get resolved in fairly short order.

As for the PING's process, I do share your concerns (in the email you sent
to the list previously) - the workmode in that doc lists strictures that it
can't, by itself, enforce.  (E.g. if you want to prevent specifications
from going to Recommendation status without earning a green light from
PING, you'd have to get that put into the Process document and adopted by
the Advisory Committee.  The Advisory Board nominally manages the Process
and brings it to the AC for a vote, but in practice years ago we set
up a Process
Community Group <> to encourage
others to participate in improving the Process, so you can always propose
changes there.)

On Tue, Sep 24, 2019 at 12:51 PM Nick Doty <>

> Thanks for the context, Chris.
> Was Google’s Formal Objection to the Interest Group charter, or to a
> discussion proposal that was being considered in the group regarding
> process and input to the Process CG? I also had feedback on the particular
> draft proposal that was linked in the Formal Objection text. In particular,
> I tried to make it clear that PING was best situated to describe how the
> Interest Group’s own process for review worked; that feedback was shared on
> the public mailing list and discussed on a teleconference and those changes
> seemed to have broad support:
> I’m pleased that Google does not have concerns about PING reviewing web
> platform specifications, given that has been our focus for a number of
> years! Does that mean the Formal Objection has been resolved?
> There also seems to be broad agreement on having guidance to give to
> designers and specification authors in addition to conducting reviews. That
> is the very first work item described in the first sentence of the Scope
> section in the draft charter. Along those lines, we’ve published an
> Interest Group Note providing guidance on mitigating browser fingerprinting
> (which I edited), and we’ve worked with the TAG (where Jason Novak took the
> lead) on an update to the security and privacy questionnaire in order to
> provide more detail on both threat models and mitigations so that Working
> Groups have guidance prior to reviews. And I am certainly encouraged that
> that work should continue, including with the early threat model draft from
> Jeffrey Yasskin and the work on documenting/prioritizing fingerprinting
> surface, both discussed at TPAC.
> More participation would certainly be welcome so that we can address the
> increasing workload of reviews and prospective guidance. I hope we can
> resolve objections to the charter promptly so that we can focus on that
> work.
> Cheers,
> Nick
> > On Sep 23, 2019, at 8:57 PM, Chris Wilson <> wrote:
> >
> > I wanted to offer some additional context on what precisely we were
> asking for here. Google believes a core need for the PING charter is to
> establish a formal model of privacy concerns, which should be a living,
> growing framework expressing best practices and understanding of privacy
> concerns.  This should enable web platform API designers to understand
> privacy at a deeper level and avoid problems in their API designs, or at
> least identify them before getting to the review stage.  This model should
> have the same kind of relationship to the horizontal reviews that the PING
> will do that the TAG's Design Principles (
> have to TAG reviews.
> >
> > Hopefully the need for this model is not controversial, as the group (as
> I understand it) has already adopted Jeffrey Yasskin's proposal as the
> beginnings of such a model in their domain (
>  We still think this is
> an essential deliverable to capture in the charter for the PING, and
> believe needs to be a critical focus for the PING group.
> >
> > To be clear: Google does NOT have concerns about the PING reviewing web
> platform specifications. Quite the opposite, and I think the conversations
> last week at TPAC—both in the PING meeting and in the Internationalization
> meeting about generalized horizontal review process—were quite productive.
> We do have slight concerns about the additional workload that might entail
> for the PING group, but we have been actively working to increase our
> participation in the PING to help account for that.  (And for the record, I
> understand the proposed process changes mentioned in our objection have not
> been adopted; that was the information we were working from at the time.)
> >
> > As I've indicated to Sam, we have general concerns over long charter
> periods, but for this interest group this is not a blocking concern; this
> would not have led to Formal Objection by itself.
> >
> > -Chris
> >
> > Samuel Weiler <> wrote:
> > >During AC review of the proposed new Privacy Interest Group (PING)
> > >charter, Google filed a Formal Objection.  Below is the text, provided
> > >per Section 3.3.2 of the Process.
> > >
> > >-- Sam Weiler, W3C/MIT
> > >
> > >
> > >    We are primarily concerned that the PING is attempting to insert
> > >     itself as a required step for all specifications as per
> > >(
> )
> > >     without first
> > >     focusing on creating a well-developed formal model that can give
> > >     actionable advice for developers to assess the privacy risks of
> > >     their features.  Although we certainly believe effective and
> > >     constructive review guidance is
> > >     essential, only focusing on anti-patterns is not by itself a
> > >     solution. We'd like to see the PING focus on guidance for what a
> > >     true privacy-preserving browser might look like based on a
> > >     high-quality model of platform surface area - e.g.
> > >     removing hardware, screen resolution, and CPU distinguishers to the
> > >     greatest extent possible, outlining network-level analysis and the
> > >     inability to provide privacy from network actors without
> > >     network-channel-noise creation, and
> > >     discussing the role of powerful features, 3ps, and various page
> > >     construction techniques that need to be defeated for true privacy
> > >     preservation.
> > >
> > >     Simply establishing themselves as an authoritarian review group
> > >     without formally establishing self-serve guiding principles will
> > >     cause significant unnecessary chaos in the development of the web
> > >     platform.  Although we would like the PING to
> > >     take a strong role in horizontal review, we are uncomfortable
> > >     investing it with Process authority without more experience.
> > >
> > >     Additionally, we find the 3+ year charter time frame for the
> > >     PING group to be excessive, as this is a significantly different
> > >     charter than it has been previously.  We would like to suggest that
> > >     the charter end date be moved up to 31
> > >     December 2021.

Received on Tuesday, 24 September 2019 21:10:14 UTC