ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

More on privacy: The Role of the IETF in Improving Privacy on the Internet

2010-07-09 06:54:15
from [Hannes Tschofenig] [Permanent Link] 
Hi all, 

thanks to Alissa everyone is now focused on privacy. 

I thought it would be a good opportunity to share a short writeup with you; it 
has the title "The Role of the Internet Engineering Task Force (IETF) in 
Improving Privacy on the Internet". The article can be downloaded from 
http://www.w3.org/2010/api-privacy-ws/papers/privacy-ws-32.pdf. 

We (Jon, Bernard, and Karen) wrote this short position paper as a contribution 
for the "W3C Workshop on Privacy for Advanced Web APIs". More about the 
workshop can be found here: http://www.w3.org/2010/api-privacy-ws/. 

A little bit of background: Some of us worked in the GEOPRIV working group and 
had been exposed to the topic of privacy for years already. Over time we got a 
better understanding of it, also with the help of privacy experts like John 
Morris and Alissa. 

When the W3C then started their work on a so-called Geolocation API many of us 
had expressed concerns about how privacy is addressed in the design of that 
protocols. We got the impression that users would be exposing their location in 
surprising ways. 

We weren't, however, able to convince certain people involved in the design of 
the protocol and the Geolocation API got implemented and deployed. As 
deployment investigations later showed (see references in the paper) the 
privacy properties being provided in the wild weren't "favorable" for users.

With the ongoing work on the Device API in the W3C there is even more risk of 
getting things wrong since this work essentially allows to expose your camera, 
microphone, contact list, storage, etc. via your web browser to Web sites (who 
sent you the right JavaScript code). 

Now, it seems that even the last few folks have realized that there might be a 
privacy issue in the air. 

Hence, the W3C schedule a workshop with the focus on these APIs. 

We looked into the work various IETF groups did in the area of privacy and came 
to the conclusion that we do actually consider privacy in our protocol design. 
The paper highlights a couple of cases. We do not have a systematic approach of 
doing so but the structure of the IETF as an organization, the processes we 
have (with various levels of reviews), and the wide expertise allow us to catch 
or document potential privacy unfriendliness. 

We (the IAB) would like to figure out what the IETF and the IRTF can do to 
provide better privacy protection and where our influence ends. To do so we 
need your help. 

Your feedback to the article and the topic overall is appreciated. 

Ciao
Hannes 
(on behalf of the author team)

PS: Note that the article is not an IAB document and represents only the 
opinion of the authors. 
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • More on privacy: The Role of the IETF in Improving Privacy on the Internet, Hannes Tschofenig <=
Previous by Date:  Re: IETF privacy policy - update, Ted Hardie
Next by Date:  Privacy Terminology, Hannes Tschofenig
Previous by Thread:  Re: wanted: your old NAT home router, Lars Eggert
Next by Thread:  Privacy Terminology, Hannes Tschofenig
Indexes:  [Date] [Thread] [Top] [All Lists]