- From: Henri Sivonen <hsivonen@hsivonen.fi>
- Date: Sun, 18 Jan 2015 21:37:53 +0200
- To: "Mike O'Neill" <michael.oneill@baycloud.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org List" <www-tag@w3.org>
On Sun, Jan 18, 2015 at 8:06 AM, Mike O'Neill <michael.oneill@baycloud.com> wrote: > +1. Even if the browser, OS were under your control you have no control over what the web application is doing with your data. Not only could it be being shared with servers through third-party sub-requests, it can also be passed server-server to thousands of other entities and often is. > > Link security != privacy. Privacy needs the rule of law not total secrecy. Transport security between the browser and the server is necessary but not sufficient for privacy. That's not a reason not to pursue transport security, though. Someone could be arguing in another discussion somewhere that there's no point in supporting server-side privacy with legal policy, because privacy is lost between the browser and the server. -- Henri Sivonen hsivonen@hsivonen.fi https://hsivonen.fi/
Received on Sunday, 18 January 2015 19:38:16 UTC