ietf

Re: Proposed IETF Privacy Policy for Review

2016-03-16 13:14:57
On 3/16/16 12:02 PM, IETF Administrative Director wrote:
> The proposed Privacy Policy is located here:
> http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24-02.htm
>
> The IAOC will consider all comments received by 31 March 2016.

Thanks for soliciting input! I have two brief comments on the proposed privacy policy.

> IETF does not currently recognize browsers’ Do Not Track (DNT) requests with respect to our web sites.

I believe (and sincerely hope) that this statement is based on a misunderstanding of the meaning of DNT.

If you look at the current specification, DNT is intended to prevent tracking user activity /across multiple organizations/. (From <https://www.w3.org/TR/tracking-dnt/>: "Tracking is the collection of data regarding a particular user's activity across multiple distinct contexts and the retention, use, or sharing of data derived from that activity outside the context in which it occurred. A context is a set of resources that are controlled by the same party or jointly controlled by a set of parties.").

This is the kind of tracking behavior that is typically engaged in by advertising networks and the websites that display their ads. (For example: adweasels.com might serve up advertising to both socialtimesink.com and yourbiasednewssource.com. Because of this arrangement, when you go to yourbiasednewssource.com, it receives information, via adweasels.com, about your activity on socialtimesink.com).

As far as I understand, this is not behavior the IETF does (or should) participate in.

I think it would be more accurate to revise this statement in the privacy policy to something more along the lines of: "The IETF does not engage in Tracking behavior, as that term is defined by the Do Not Track (DNT) specification. Consequently, IETF web sites do not alter their behavior according to the value of browsers' DNT requests."

> Some areas of the IETF web site and some IETF mailing lists require you to create and enter a password. IETF will store these passwords and does not make them available to the public.

I certainly hope that this means to say "IETF will store hashed versions of these passwords and does not make them available to the public."

/a