- From: Nick Doty <npdoty@w3.org>
- Date: Sun, 23 Aug 2015 19:29:00 -0700
- To: Public TAG List <www-tag@w3.org>
- Message-Id: <E33D8D42-401E-4752-86BC-A3BEF2AD78D7@w3.org>
Hi TAG,
In response to your draft feedback, our subsequent conversations contextualizing that feedback and the Unsactioned finding, I've revised the draft fingerprinting guidance for Web specification authors. I've included a short summary of those changes below. In short, I've tried to make changes as you all suggested, or at least provide more clarification about the best practices. In particular, I've moved up part of the section on feasibility to an earlier section ("What can we do about it?"), to emphasize what kind of mitigations are possible and what spec changes alone won't be able to prevent.
If you have a chance, please look over the revised document and see if this resolves your general concerns or if you see other ways to improve the guidance. I've suggested to the Privacy Interest Group that we publish this as a draft Interest Group Note soonish; it will still change after that, it would just be a clearer indication of who's working on it and a way to ask for review. I've also noted in the Status section that we plan to work with the TAG on this document, which I think was a conclusion in the previous TAG meeting.
Thanks again,
Nick
Feedback from you all:
* https://github.com/w3ctag/spec-reviews/blob/master/2015/05/fingerprint.md <https://github.com/w3ctag/spec-reviews/blob/master/2015/05/fingerprint.md>
* https://github.com/w3ctag/meetings/blob/gh-pages/2015/telcons/05-27-fingerprinting-redux-minutes.md <https://github.com/w3ctag/meetings/blob/gh-pages/2015/telcons/05-27-fingerprinting-redux-minutes.md>
* my hand-scribbled notes from that call
* https://w3ctag.github.io/unsanctioned-tracking/ <https://w3ctag.github.io/unsanctioned-tracking/>
> Begin forwarded message:
>
> From: Nick Doty <npdoty@w3.org>
> Subject: Fingerprinting guidance update; responding to feedback, Note publication?
> Date: August 23, 2015 at 6:58:13 PM PT
> To: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
> Resent-From: public-privacy@w3.org
> Archived-At: <http://www.w3.org/mid/D55C54C5-F644-49C9-941D-2E19B2DD8764@w3.org>
>
> I've revised the Fingerprinting Guidance for Web Specification Authors text, responding as best I can to comments from the TAG, the Tor Browser folks and other comments via mailing list.
>
> http://w3c.github.io/fingerprinting-guidance/
>
> Changes in particular include:
> * moving feasibility question up earlier, emphasizing realism/pessimism
> * clarifying some of the best practices, regarding unnecessary additions to fingerprinting surface
> * additional examples and references (in particular, to the TAG finding on unsanctioned tracking)
> * filling in to-do sections (and marking remaining ones with issue boxes)
>
> To clarify the status of this document and to gather wider review, I think it would be useful to publish this as a draft Interest Group Note. As a Process matter, that would consist of: the Interest Group deciding we want to publish it as an Interest Group Note; getting confirmation from the domain lead that we can use this name/shortname; publishing a snapshot on w3.org indicating its status as a draft Note; asking chairs and other groups for feedback.
>
> And in any case, I'd welcome further feedback, additions, subtractions and the like. I get the impression that specific examples from different specs/Working Groups would be the most welcome addition.
>
> Thanks,
> Nick
Received on Monday, 24 August 2015 02:29:11 UTC