- From: Rigo Wenning <rigo@w3.org>
- Date: Thu, 15 Mar 2012 10:19:46 +0100
- To: public-tracking@w3.org
- Cc: Shane Wiley <wileys@yahoo-inc.com>, Jonathan Mayer <jmayer@stanford.edu>, "Roy T. Fielding" <fielding@gbiv.com>

Roy, Jonathan, Shane,

On Wednesday 14 March 2012 11:39:55 Shane Wiley wrote:
> Please understand these activities are to PROTECT users and businesses alike
> (depends on the attack). I'm hopeful we don't purposely create real risk
> of harm to users in our attempts to "lock down" the DNT standard.

Security vs Privacy is a big classic in data protection. Our forefathers of data protection in the seventies said that good data protection is requiring more secure systems to protect also against abuse of personal information. So they tried to harmonize security and data protection.

On the one hand, I have a lot of sympathy with Roy warning us to open that can of worms. I would be very reluctant to include security-related provisions into the two Specifications.

On the other hand, I also have a lot of sympathy for the suggestion to use the present expertise to have some privacy suggestions for the fraud-fighters in the Web's payment channel. Because PROTECT is relative. I'm pretty sure that Assad claims to PROTECT Syria. So only saying "protect" as a use limitation doesn't save our lives here.

A best practices document on fraud protection for ad companies would be cool. This could determine unnecessary data collection and identify doubtful sharing practices that would allow to abuse the data collected for fraud protection. In one word, make fraud protection for the web smarter to some extent, privacy-wise.

And I think that in a second generation, we could have a framework where a service agrees to back down a bit because the users have decided (via DNT) not to be as highly secured because they favor privacy in a given context.

Best,
Rigo

Received on Thursday, 15 March 2012 09:20:29 UTC