On 3/16/16 12:02 PM, IETF Administrative Director wrote:
> The proposed Privacy Policy is located here:
> http://iaoc.ietf.org/documents/IETF-General-Privacy-Statement-2016-02-24-02.htm
> The IAOC will consider all comments received by 31 March 2016.

Thanks for soliciting input! I have two brief comments on the proposed
privacy policy.

> IETF does not currently recognize browsers’ Do Not Track (DNT)
> requests with respect to our web sites.

I believe (and sincerely hope) that this statement is based on a
misunderstanding of the meaning of DNT.
If you look at the current specification, DNT is intended to prevent
tracking user activity /across multiple organizations/. (From
<https://www.w3.org/TR/tracking-dnt/>: "Tracking is the collection of
data regarding a particular user's activity across multiple distinct
contexts and the retention, use, or sharing of data derived from that
activity outside the context in which it occurred. A context is a set of
resources that are controlled by the same party or jointly controlled by
a set of parties.").
This is the kind of tracking behavior that is typically engaged in by
advertising networks and the websites that display their ads. (For
example: adweasels.com might serve up advertising to both
socialtimesink.com and yourbiasednewssource.com. Because of this
arrangement, when you go to yourbiasednewssource.com, it receives
information, via adweasels.com, about your activity on socialtimesink.com).
As far as I understand, this is not behavior the IETF does (or should)
participate in.
I think it would be more accurate to revise this statement in the
privacy policy to something more along the lines of: "The IETF does not
engage in Tracking behavior, as that term is defined by the Do Not Track
(DNT) specification. Consequently, IETF web sites do not alter their
behavior according to the value of browsers' DNT requests."

> Some areas of the IETF web site and some IETF mailing lists require
> you to create and enter a password. IETF will store these passwords and
> does not make them available to the public.

I certainly hope that this means to say "IETF will store hashed versions
of these passwords and does not make them available to the public."
/a