W3C home > Mailing lists > Public > public-webid@w3.org > October 2012

Identity transparency - was: privacy definitions -- was: WebID questions

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 17 Oct 2012 10:32:24 +0200
Cc: Ian.Oliver@nokia.com, melvincarvalho@gmail.com, benl@google.com, public-privacy@w3.org, public-webid@w3.org
Message-Id: <FDEE8D70-FCC0-486F-ABC6-A3EA31D86065@bblfish.net>
To: David Singer <singer@apple.com>

On 17 Oct 2012, at 08:49, David Singer <singer@apple.com> wrote:

> Worse, I think it's misleading to focus on a technology -- cookies -- and not the principle.

In the mail thread that this mail is an extension of we came to a pretty clear principle, but I noticed that it may have gotten lost in the discussion.

"Identity Transparency principle"

  A browser user should be able to see transparently what types of traces he is leaving on any web site he is using. Looking at the page he should be able to see if he is anononymous, tracked, or identified and as whom. And he should be able to change the identity easily.

> The principle is whether a site is storing data about me.  It doesn't make much material difference to me whether the site stores the data in cookies on my machine, or in a database indexed by an identifier stored in a cookie on my machine, or in a database that is indexed in some other way (e.g. by a fingerprint).

Completely agree, one should work from principles, and then apply those to different technologies.
Of course in this case there are not that many, though WebID ( http://webid.info/ ) is not widely understood yet, so I discuss that.

> Generally, I am saying that statements of principle should avoid discussing specific technologies, or we run the serious risk that people will simply keep their practices and just change the technology.  So, for example, laws about cookies can be circumvented by the use of fingerprints as indexes.
> Don't tell me that you are using cookies - they can be quite innocuous. Tell me you're tracking me.  And so on.

an icon with footprints for example could do there.

> On Oct 17, 2012, at 14:30 , Ian.Oliver@nokia.com wrote:
>> Furthermore you have to differentiate between cookies for different purposes, for example, advertising tracking, login information, certain kinds of state etc.
>> You have a catch-22 situation here, in order to give the user or consumer enough information about - in this case - cookie usage, the UI would become very complicated and the burden of understanding in the consequences and implications of certain cookies being turned on and off would be toˇ high; on the other hand, if you have a simple on/off then the repercussions on some basic functionality of sites would lead to a potentially (massively) degraded and frustrating user experience.
>> Does anyone have a reference to the typical amount of type of cookies stored by a "typical" user?
>> t.
>> Ian
>> ________________________________________
>> From: ext David Singer [singer@apple.com]
>> Sent: 17 October 2012 09:17
>> To: Henry Story
>> Cc: Melvin Carvalho; Ben Laurie; public-privacy list; public-webid@w3.org
>> Subject: Re: privacy definitions -- was: WebID questions
>> On Oct 16, 2012, at 20:40 , Henry Story <henry.story@bblfish.net> wrote:
>>> But that is not yet transparency I am looking for. Because you could go to a site and click mistakenly on "accept cookies forever", and you could easily forget about it later. What is
>>> needed I was arguing is the ability to be able to see in your URL bar that you are using cookies
>>> and be able to switch it off easily. Then you would be made aware constantly of your identity at
>>> a site.
>> The problem is that many, if not most, sites use cookies, and a warning that is almost always on gets ignored.
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
> David Singer
> Multimedia and Software Standards, Apple Inc.

Social Web Architect

Received on Wednesday, 17 October 2012 08:33:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:43 UTC