- From: Shane Wiley <wileys@yahoo-inc.com>
- Date: Wed, 8 Feb 2012 06:52:52 -0800
- To: Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Jonathan Mayer <jmayer@stanford.edu>
Rigo, I appreciate the desire for the working group to solve all privacy issues in a single pass but would suggest an attempt to solve the age old debate of "when is 'anonymous' anonymous enough?" is outside of the scope of this working group. Many local laws already take positions on this topic and I suggest we allow this discussion to evolve separate to the efforts of this working group. - Shane -----Original Message----- From: Rigo Wenning [mailto:rigo@w3.org] Sent: Wednesday, February 08, 2012 1:37 AM To: public-tracking@w3.org Cc: Jonathan Mayer Subject: Re: New Research on Protocol Information (ISSUE-16, ISSUE-19) On Tuesday 07 February 2012 16:30:32 Jonathan Mayer wrote: > The paper also finds that scrubbing the last octet from an IP address may do > little to mitigate tracking. >From a scientific point of view, this was already acquired as a fact in our discussions around P3P in 2001. I'm pretty sure that Matthias can find some paper from long time ago that already addresses this issue. This raises the question of how anonymous is anonymization. While being interesting from a scientific point of view, this may be dangerous for our considerations here as it will push us into the anonymity arms race. As this is a moving target, it is hard to lay down something in the specification. My suggestion would be that the group: 1/ Recognizes that just removing the last octet of an IP-address is NOT sufficient for anonymization or even pseudonymization. 2/ Discuss what is "good enough" for the risk we are trying to tackle, risk being one of the following: consumer protection and dangers for democracy (have to be made more concrete in the discussion) I don't think a burdensome re-identification of a single person like in a law enforcement scenario is our attacking scenario, but rather mass information processing to find opinions and predict and influence people in an undue and dangerous way or amass sufficient information that others could abuse the amassed information for undue and dangerous purposes. Best, Rigo
Received on Wednesday, 8 February 2012 14:56:28 UTC