IRC log of privacy on 2010-07-12

Timestamps are in UTC.

07:50:03 [RRSAgent]
RRSAgent has joined #privacy
07:50:03 [RRSAgent]
logging to
07:50:07 [Zakim]
Zakim has joined #privacy
07:50:13 [tlr]
Meeting: W3C Privacy Workshop
07:50:16 [tlr]
Chair: DKA, TLR
07:50:30 [tlr]
08:02:38 [soonho]
soonho has joined #privacy
08:03:27 [karl]
karl has joined #privacy
08:06:23 [soonho]
Present+ Soonho_Lee
08:07:57 [bblfish]
bblfish has joined #privacy
08:08:02 [bblfish]
08:08:36 [dsinger]
dsinger has joined #privacy
08:08:44 [jmorris]
jmorris has joined #privacy
08:09:57 [Youn-Sung]
Youn-Sung has joined #privacy
08:10:01 [Dong-Young]
Dong-Young has joined #privacy
08:10:03 [fjh]
fjh has joined #privacy
08:11:49 [karl]
good. good
08:12:07 [hendry]
hendry has joined #privacy
08:12:12 [hendry]
good morning
08:12:31 [karl]
karl has changed the topic to: W3C Workshop API Privacy - London 12/13 July 2010 (karl)
08:13:20 [alissa]
alissa has joined #privacy
08:14:44 [pkelley]
pkelley has joined #privacy
08:17:02 [wonsuk]
wonsuk has joined #privacy
08:18:34 [rbarnes]
rbarnes has joined #privacy
08:18:39 [rbarnes]
08:23:41 [Kangchan]
Kangchan has joined #privacy
08:27:24 [MikeS]
MikeS has joined #privacy
08:27:32 [MikeS]
RRSAgent, make minutes
08:27:32 [RRSAgent]
I have made the request to generate MikeS
08:29:49 [rbarnes]
are the slides being made available anywhere?
08:29:54 [MikeS]
Zakim, code?
08:29:54 [Zakim]
sorry, MikeS, I don't know what conference this is
08:29:58 [rbarnes]
... for those of us in the back who can't really see
08:30:03 [MikeS]
zakim, list
08:30:03 [Zakim]
I see XML_(F2F)3:00AM active and no others scheduled to start in the next 15 minutes
08:30:26 [tlr]
we'll collect the slides and link them from the agenda
08:31:17 [drogersuk]
drogersuk has joined #privacy
08:31:33 [bblfish]
what newspaper was the article for today in? Herald Tribune?
08:31:42 [darobin]
darobin has joined #privacy
08:32:10 [jmorris]
tlr: thanks to Vodafone!
08:32:20 [jmorris]
.. and Primelife
08:32:50 [cullenfluffyjenni]
cullenfluffyjenni has joined #privacy
08:33:55 [dsinger]
me Herald Tribune
08:34:09 [jmorris]
tlr: walking through slides
08:35:47 [ifette]
ifette has joined #privacy
08:37:26 [ifette]
tlr: if you say the word "privacy" you must define what you mean
08:37:42 [rbarnes]
again, slides would be helpful for this in the back of the room
08:38:05 [rbarnes]
08:38:33 [jmorris]
Karl Dubost, Pheromone
08:39:17 [eisinger]
eisinger has joined #privacy
08:39:27 [MikeS]
scribe: jmorris
08:39:32 [tlr]
ScribeNick: jmorris
08:40:11 [jmorris]
karl: different identities in different contexts
08:40:44 [jmorris]
.. marketing leads to interesting discussions about "privacy"
08:42:23 [jmorris]
.. communications can be global, instantaneous
08:42:38 [jmorris]
.. info is replicated on net -- much harder to lie
08:42:51 [hendry] is Karl's pp btw
08:42:52 [jmorris]
.. info is permanent
08:43:53 [jmorris]
.. once you give access, you have no way to take it back -- to say "stop using my data"
08:43:59 [tlr]
08:44:02 [tlr]
08:44:10 [jmorris]
.. how do we make it possible to have a loss of memory
08:45:16 [tlr]
08:45:37 [jmorris]
.. privacy is cultural
08:45:51 [jmorris]
.. people's privacy views differ than businesses
08:46:08 [tlr]
tlr has changed the topic to: W3C Privacy Workshop | Agenda (with links to slides):
08:46:55 [jmorris]
.. robots.txt is a bad protocol ... only works if you have access to root of site
08:47:06 [jmorris]
.. it shows what you want to hide
08:47:25 [jmorris]
.. can only do that with .htaccess
08:48:24 [jmorris]
.. Tumblr and other sites give you the ability to keep search engines from indexing personal site
08:48:56 [jmorris]
.. your site is public, but you give links to it (not reached through search engine)
08:49:18 [jmorris]
.. need something better that robots.txt
08:51:03 [jmorris]
.. browsers are my main communications tool
08:51:14 [tlr]
s#walking through slides#
08:51:24 [bryan_sullivan]
bryan_sullivan has joined #privacy
08:51:26 [jmorris]
.. could their be a layer in browser to collect what you have share?
08:52:52 [nickdoty]
nickdoty has joined #privacy
08:54:06 [jmorris]
henry: mistake that data can be infinitely copied
08:54:20 [jmorris]
.. value of info depends on who is publishing
08:54:41 [jmorris]
.. so there is info destruction happening
08:56:08 [jmorris]
John Carr European NGO Coalition on Child Safety Online
08:56:25 [jmorris]
08:56:32 [jmorris]
John Carr: no slides
08:57:00 [jmorris]
.. works with range of orgs across europe concerned about childrens use of Internet
08:57:24 [jmorris]
.. in UK in March 2010 Ofcom did research in child use of social network space
08:57:55 [jmorris]
.. of 8-12 year olds, 19% had profiles on three social networks
08:58:12 [jmorris]
.. most had profiles private, but 11% did not
08:58:35 [jmorris]
.. looking at all children - 25% of all children on sites they should not be on
08:59:05 [jmorris]
.. not all parents monitor kids at all times
08:59:37 [jmorris]
.. this is environment into which new geolocation services are being dropped
08:59:59 [jmorris]
.. geolocation services specify 18 year old as minimum age
09:00:17 [jmorris]
.. but geoloc services can be lined to 13 year old social network page
09:00:51 [jmorris]
.. wants to enlist group's help to address problems
09:01:24 [jmorris]
.. almost think that age limits should be dropped, because they are not being enforced
09:01:43 [dsinger]
if, on the internet, no-one knows you're a dog, how do I 'know' you're a child?
09:02:35 [dsinger]
and is there a Streisand effect here, saying 'if you're young, DO NOT LOOK HERE!'? what do the young immediately wonder?
09:02:48 [Kangchan]
Kangchan has joined #privacy
09:02:54 [ifette]
especially given that in the US we are forcefully against any sort of national ID card that could actually be used to prove identity/age online
09:03:00 [jmorris]
.. sites purport to want to ban children, but they do not enforce
09:03:42 [jmorris]
.. asks what would an 8 year old's judgment be on what privacy means
09:03:55 [eisinger]
in germany, we're currently developing an id card that would allow you to prove (parts of your) identity to a website
09:03:58 [drogersuk]
+1 to ifette's point
09:03:58 [eisinger]
such as the age
09:04:16 [jmorris]
.. every country in world specifies 18 as minimum age to be adult
09:04:22 [ifette]
jochen - remind me not to move back to germany :)
09:04:32 [drogersuk]
also, as he said - the parents are actively encouraging the kids so they would just leave their card with the kid
09:04:46 [eisinger]
ha, i'll remind you end of september that you didn't want to come here
09:05:23 [jmorris]
.. hope that we can find a way in this technical space to find better technical tools to deliver broad social policy
09:06:08 [jmorris]
.. we all want privacy rules over out data, but if a company is dealing with physical whereabouts, this is very highly sensitive
09:06:19 [jmorris]
09:06:23 [MikeS]
09:06:50 [jmorris]
.. in 2003 mobile services in UK started rolling out location,
09:07:03 [MikeS]
RRSAgent, make minutes
09:07:03 [RRSAgent]
I have made the request to generate MikeS
09:07:07 [drogersuk]
on the child protection issue - most kids are abused by someone that is known to the family so they are likely to have given their location to that 'trusted' person
09:07:18 [jmorris]
.. companies accepted validity of location concern
09:07:31 [jmorris]
.. key thing they did is make location a paid-for service
09:07:54 [jmorris]
.. if you paid for it, there was an audit trail
09:08:06 [jmorris]
.. if you were trying to track a child, you had to do a further check
09:08:20 [jmorris]
.. postal checking process
09:08:27 [drogersuk]
there are use cases getting mixed up here - for example preventing kids accessing over 18 content is entirely different to 'child protection' in the traditional sense
09:08:35 [jmorris]
.. before you could commence tracking service on child
09:09:06 [fjh]
example, know where you are at 4pm every monday, can determine pattern
09:09:10 [jmorris]
.. does not see evidence of these checks in the new location services
09:09:22 [Peter]
Peter has joined #privacy
09:09:25 [jmorris]
.. the web based loc services just require the ticking of a box
09:09:57 [anne]
anne has joined #privacy
09:10:02 [rbarnes]
hendry: depends a lot on the browser
09:10:03 [drogersuk]
@hendry - maybe we should ban the internet
09:10:07 [jmorris]
.. experience with ticking box -- gambling sites just asked to tick a box to gamble
09:10:36 [jmorris]
.. kids were developing gambling addiction
09:10:37 [hendry]
drogersuk: i think a child can survive without geolocation features
09:10:49 [jmorris]
.. law changed to require age verification system
09:10:54 [drogersuk]
@hendry - or the internet ;-)
09:11:02 [ifette]
Payment doesn't seem like any guarantee. I can go to any store in the US and buy a "pre-paid" credit card, and provide whatever name and address I want that will get associated with the card.
09:11:17 [jmorris]
.. since law has passed, children have not being able to invent identities
09:11:23 [drogersuk]
I remember this discussion about 0898 numbers in the early 1990's. Never stopped me
09:11:26 [hendry]
rbarnes: turning off geolocation needs to be really simple to do. simple enough for a parent/guardian
09:11:29 [jmorris]
.. easy for 18 year olds, much harder to do for younger
09:11:48 [rbarnes]
hendry: ... and permanent enough that the kid can't turn it back on?
09:11:53 [ifette]
hendry - turning it off isn't the hard part. It's ensuring that the kid, who is probably more savvy than the parent, can't turn it back on
09:12:28 [drogersuk]
@dsinger - yes I missed that too
09:13:03 [hendry]
ifette: true, but i struggle to toggle geolocation and i'm smart I think
09:13:11 [jmorris]
dan: what role do education, parents, etc. play in addressing this problem?
09:13:14 [drogersuk]
most of the people in this room started their technical careers getting round restrictions that were put on them as kids
09:13:31 [jmorris]
john carr: agree that education is part of it, but technical is also part
09:13:33 [hendry]
ifette: in chrome the option to turn off geolocation is buried under a couple of menus!
09:13:54 [ifette]
hendry, everything in chrome is buried under multiple menus because for most users there is no desire to turn this off permanently
09:14:04 [rbarnes]
hendry: i can't find the toggle in firefox; ironically, it's not under the "privacy" tab
09:14:18 [wonsuk]
wonsuk has left #privacy
09:14:32 [jmorris]
pat: to clarify re 2004 code of practice - it was successful because mobile operators were in highly regulated environment
09:14:37 [ifette]
hendry, chrome will also ask you on each site
09:14:45 [ifette]
(as will any browser afaik)
09:14:49 [hendry]
i have taken a few screenshots battling to turn off geolocation (on already authed sites)
09:14:51 [jmorris]
john: 2004 included extra layers for children
09:15:42 [hendry]
ifette: i think the desire is there. i need to turn it off from time to time. ;)
09:16:01 [jmorris]
robert?: use cases mixed up - gambling , predators, different use cases
09:16:12 [ifette]
hendry, please do not use ifette: as then the minutes will have me reflected as saying that.
09:16:20 [ifette]
hendry, in chrome you could have done it much more simply
09:16:24 [ifette]
click on the little target in the url bar
09:16:26 [npd-test]
npd-test has joined #privacy
09:16:30 [ifette]
and you can change settings for the site you're on
09:16:39 [jmorris]
cullen: how did gambling work
09:16:45 [bryan_sullivan]
do any of the browsers make it easy to create a user-specific button to turn geoloc on/off?
09:16:47 [eisinger]
also the website can already locate you pretty good with only your ip
09:16:53 [ifette]
in one click
09:16:56 [jmorris]
.. gambling restrictions on kids
09:17:18 [hendry]
is that for all open tabs btw?
09:17:19 [jmorris]
john carr: when you apply to gambling site, you allow credit, other checks
09:17:33 [ifette]
hendry if you clear it, future requests will fail
09:17:36 [ifette]
on all tabs/windows
09:17:47 [ifette]
the setting is stored for the origin, not tied to a window/tab
09:17:58 [jmorris]
.. 5% cannot verify with databases, they must use other papers
09:18:17 [jmorris]
dsinger: is there error the other way- children in databases?
09:18:25 [hendry]
i mean for all running apps (different origins)
09:18:33 [ifette]
the setting is per origin
09:18:43 [tlr]
09:18:46 [jmorris]
Kasey Chappelle, Vodafone
09:18:58 [ifette]
i find it rather unlikely someone suddenly decides they want to turn off geolocation for all sites
09:19:06 [jmorris]
.. paper is at
09:19:10 [ifette]
we have these theoretical discussions, in practice it doesn't seem to happen
09:19:22 [hendry]
ok,we'll debate this later :)
09:19:35 [jmorris]
Kasey: privacy is the right to decide - informational self-determination
09:20:13 [jmorris]
.. lots of words on slides ..
09:20:26 [Jens]
Jens has joined #privacy
09:20:26 [MikeS]
RRSAgent, make minutes
09:20:26 [RRSAgent]
I have made the request to generate MikeS
09:21:04 [jmorris]
.. web 2.0 mashup ability means I am more empowered to talk
09:21:35 [jmorris]
.. economic changes ..
09:21:43 [jmorris]
.. regulation becomes a barrier to entry
09:21:53 [jmorris]
.. need to walk fine line
09:22:16 [jmorris]
.. disruptive innovation is happening all the time, do not want to stop that
09:22:34 [jmorris]
.. regulatory environment in flux
09:23:04 [karl] - my slide From Privacy to Opacity - Digital Me Management
09:23:07 [jmorris]
.. EU is relooking at data protection directive, US is proposing privacy laws,
09:23:45 [jmorris]
.. old distinctions between controller, processor, subject are blurring
09:24:18 [jmorris]
.. some consistent principles around the world
09:24:50 [jmorris]
.. if you meet these principles, companies will avoid privacy fiascos
09:25:25 [jmorris]
.. key principles : transparent notice, informed choice, access/correct/delete, minimize/delete
09:25:49 [jmorris]
.. privacy policies ... 4000 words... not read
09:26:01 [rbarnes]
tlr: kasey is pretty well audible in the back
09:26:12 [jmorris]
.. users do not know what choices are.... info not available in helpful manner
09:26:22 [fjh]
Present+ Frederick_Hirsch
09:26:54 [jmorris]
Present+ John_Morris
09:27:14 [drogersuk]
@tlr just about
09:27:29 [jmorris]
kasey: if regulators decide how privacy is done, then this will chill innovation on privacy
09:27:43 [jmorris]
.. security does not equal privacy
09:28:00 [jmorris]
.. security is how/what info is being accessed, but not the why
09:28:01 [drogersuk]
@dsinger - I brought my camera for a laugh just to see if anyone would complain - I walked in and some guy had a huge lense taking pictures of everyone
09:28:09 [jmorris]
.. this is broader that geolocation
09:28:26 [fjh]
can barriers to entry created by regulation also create possible monopoly structures due to the need for scale for meeting the regulations?
09:28:42 [jmorris]
.. embedded code in handset can create profiles
09:28:49 [tlr]
09:29:18 [jmorris]
frederick: is "informed" a well defined term?
09:29:31 [jmorris]
kasey: opened, evolving area
09:29:43 [jmorris]
.. 4000 word policy is not "informed"
09:30:00 [jmorris]
frederick: "reasonableness"?
09:30:03 [ifette]
4000 seems pretty short :)
09:30:14 [anne]
anne has left #privacy
09:30:32 [jmorris]
brian: any specific characteristics that would help us understand when users have been informed
09:30:34 [drogersuk]
@dsinger that's how we identified German morse code operators in the war
09:30:56 [jmorris]
kasey: if we continue to focus on consent only, we have failed
09:31:13 [jmorris]
.. one has to balance experience - we need to rethink fundamental structure
09:31:28 [jmorris]
.. look to primary purpose, secondary purpose distinction
09:31:49 [jmorris]
simon: have you looked at where data are located?
09:31:54 [karl]
interesting. Do you give enough information to make a decision? What's happening with regards to intimate discussions between two persons. Since there are devices and private companies in between, they carry neutrally (bits transport) or not the information (data mining)
09:32:28 [jmorris]
kasey: this is part of the problem - my employer is based in UK, but if online service is accessible everyone, what rules apply?
09:32:44 [jmorris]
.. perhaps moving toward global standards
09:32:58 [jmorris]
question: national content standards
09:33:18 [jmorris]
kasey: national content standard need to still apply
09:33:28 [jmorris]
.. privacy standards may be different
09:33:50 [jmorris]
.. reactions are fairly similar - giving choices is what matters
09:34:30 [drogersuk]
solution is we need a global government with global laws. Is that a possible outcome of this workshop?
09:34:31 [jmorris]
s/robert?/David Rogers/
09:35:32 [jmorris]
tlr: moving to general discussion
09:35:57 [jmorris]
.. karl talked about forgetting things in real life, not online
09:36:27 [jmorris]
.. john talked about specific regulatory framework in UK - note tension between rule and reality
09:37:21 [jmorris]
.. kasey talked about some regulatory frameworks .. need to tell people "why" you want to use their data
09:37:47 [jmorris]
.. common theme - there are hard and fast rules that do not map into social reality
09:38:23 [jmorris]
john carr: when I was 15, I wanted to get a pint of beer in pub
09:39:07 [jmorris]
.. we should not strive to match the social reality
09:39:47 [jmorris]
.. offering of internet is aimed of family homes all over world -- we have to stop thinking about children as an afterthought
09:40:05 [fjh]
q+ to ask how to enable social mechanisms via technology
09:40:20 [jmorris]
.. we should shift our mindset to recognize that lots of children are online
09:40:43 [jmorris]
ian: to do anything useful, you must know who is a child
09:40:54 [jmorris]
.. in US, we are against national ID card
09:40:59 [dsinger]
q+ to ask what our are reasonable expectations of NOT revealing our age, gender, race, marital status, disabilities, etc.?
09:41:48 [jmorris]
john carr: you will want to solve problem
09:42:38 [tlr]
ack fjh
09:42:38 [Zakim]
fjh, you wanted to ask how to enable social mechanisms via technology
09:42:47 [tlr]
09:43:14 [jmorris]
frederick: karl mentioned things to do, but technical solutions often do not work
09:43:28 [jmorris]
... we need social mechanisms
09:44:00 [jmorris]
.. how does technology enable to social mechanisms to address concerns
09:44:16 [jmorris]
karl: what we can do is to enable people to have more control over data
09:44:17 [jmorris]
09:44:17 [jmorris]
09:44:18 [jmorris]
re will b
09:44:19 [jmorris]
e soci
09:44:21 [jmorris]
09:44:22 [jmorris]
09:44:35 [jmorris]
there will be social catastrophes
09:45:10 [tlr]
q+ henry
09:45:11 [tlr]
09:45:13 [eisinger]
there also will be keyboard catastrophes
09:45:45 [tlr]
q- henry
09:45:57 [jmorris]
question: how to create solutoins without creating monopoly?
09:46:09 [jmorris]
09:46:49 [jmorris]
karl: gps is completely anonymous system, cell phone triangulation is bad because others can see
09:47:30 [fjh]
09:47:49 [jmorris]
soeren: age verification is one example of how things get complicated by moving to web
09:47:52 [dsinger]
ack soeren
09:48:02 [tlr]
q+ bryan
09:48:02 [bblfish]
oops forgot the queue here
09:48:25 [jmorris]
.. some social network push authentication back to users -- peer-to-peer authentication
09:48:58 [jmorris]
.. seems that appear to be closed are flawed on technical level
09:49:31 [jmorris]
david singer: what if I want to interact without revealing info about myself
09:50:32 [jmorris]
09:51:31 [jmorris]
john carr: if there is a claim that service is age limited, then that should be enforced
09:51:36 [tlr]
09:51:47 [dsinger]
q- dsinger
09:52:40 [jmorris]
09:52:51 [jmorris]
ack bryan
09:53:07 [fjh]
isn't it true most people will give up much information for a coupon? Research somewhere, lost pointer.
09:53:25 [jmorris]
bryan: anonymity is weak protection - lots of info is available
09:54:28 [jmorris]
david rogers: take issue about age limits - 18 year old limit is not a privacy rule, it is a contract/legal rules
09:54:42 [jmorris]
.. use case is mixed up
09:55:28 [jmorris]
john carr: my point is that sub-18 year old is not in position to evaluate privacy questions
09:55:52 [jmorris]
.. to companies that go geoloc have a responsibility to do more
09:56:38 [jmorris]
ian: asked for concrete proposals can follow, and I've yet to hear any proposals
09:56:52 [jmorris]
kasey: we are setting a scene
09:57:02 [jmorris]
tlr: we will come back to question
09:57:22 [jmorris]
kai: liked what karl said about giving user control
09:57:33 [jmorris]
.. parent can set computer to appear as a child
09:58:01 [jmorris]
dan: we have not talked about role of parent
09:58:02 [MikeS]
RRSAgent, make minutes
09:58:02 [RRSAgent]
I have made the request to generate MikeS
09:58:20 [jmorris]
.. you buy phone for child, set it up, you give it to child
09:59:10 [jmorris]
pat: couple issues on regulation - kids set up yahoo account to pretend to be adult
09:59:53 [jmorris]
.. all info on kids available because of registry
09:59:54 [jmorris]
09:59:54 [jmorris]
10:00:40 [jmorris]
.. in countries, 15 year olds can marry, have kids, but they cannot use location services?
10:01:03 [jmorris]
john carr: I am enlisting your help for solving problems
10:01:04 [jmorris]
10:01:05 [jmorris]
10:01:06 [jmorris]
10:01:27 [jmorris]
.. internet is fragmenting, and will happen more unless we solve these problems
10:02:06 [dsinger]
to jmorris: in the USA you can fight and die for your country (and vote) at the age of 18, but not drink a beer...
10:03:08 [jmorris]
john carr: technology companies seek to avoid responsibility, and that leads gov'ts to try to step in
10:03:59 [jmorris]
karl: would like to move away from privacy policies to other social structures to create tools
10:04:28 [jmorris]
kasey: trying to encourage technology to allow users to decide where on the public/private spectrum they should be
10:05:16 [jmorris]
session is closed....
10:08:39 [eisinger]
eisinger has joined #privacy
10:27:40 [eisinger]
eisinger has joined #privacy
10:30:19 [alissa]
alissa has joined #privacy
10:30:27 [jmorris]
10:30:29 [alissa]
scribenick: alissa
10:30:39 [alissa]
David Singer speaking from Apple
10:30:49 [rbarnes]
have slides made it on the web yet?
10:31:02 [alissa]
10:31:04 [karl]
s/would like to move away from privacy policies to other social structures to create tools/would like to move away from privacy policies discussions to focus on simple tools to control data that will enable privacy. social structures already exist/
10:31:18 [jmorris]
David's paper at
10:31:29 [alissa]
... we don't realize something was private until it's gone
10:31:37 [darobin]
darobin has joined #privacy
10:31:50 [alissa]
who owns what?
10:32:04 [alissa]
... protocols and plumbing not the W3C's problem
10:32:20 [alissa]
... apps are not our problem either
10:32:33 [alissa]
... formats and presentation are out problem
10:33:21 [alissa]
priv expression languages are hard
10:33:28 [soonho]
soonho has joined #privacy
10:33:50 [alissa]
... with rights expr language, you can change it on every transaction
10:34:26 [alissa]
... constant need to expand policies to cover everything
10:34:50 [alissa]
... is it possible to verify that policy matches intention?
10:34:58 [DKA]
DKA has joined #privacy
10:35:16 [alissa]
tension between what's allowed vs. forbidden
10:36:07 [alissa]
how much data accumulation is too much?
10:37:02 [alissa]
users tend to balk at the unforeseen even if it was fairly innocuous
10:37:21 [alissa]
... policies are too long for people to read
10:37:59 [alissa]
Kasey: law encourages long policies
10:38:32 [alissa]
... but emerging legal thought in US is that important info has to be outside policy
10:39:09 [alissa]
dsinger: questions for W3C
10:39:14 [alissa]
... can we
10:39:17 [alissa]
... define privacy?
10:39:26 [alissa]
... identify W3C's scope?
10:39:33 [alissa]
... do policy languages?
10:39:40 [alissa]
... manage degree and context?
10:40:09 [alissa]
... keep disclosure informed and voluntary?
10:40:49 [alissa]
some key players are not members of W3C
10:41:01 [alissa]
... esp sites and services
10:41:21 [alissa]
... IETF has security considerations in specs
10:41:33 [alissa]
... do we need privacy considerations?
10:42:00 [alissa]
tlr: XHR 2 has priv as exit requirement
10:42:01 [jmorris]
+1 on proactively having a privacy considerations sections
10:42:11 [tlr]
s/priv as exit/security considerations as exit/
10:42:24 [jmorris]
+1 on there being privacy implications on most of what W3C does
10:42:38 [alissa]
do we have enough mistakes to learn from?
10:42:40 [tlr]
(Part of David's point was that neither privacy nor security considerations being mandatory in W3C specs.)
10:42:44 [alissa]
... need a taxonomy
10:43:21 [alissa]
David Applequist: last question was driver for this workshop
10:43:41 [alissa]
... want to know what we learned from implementations
10:43:48 [alissa]
... of geoloc API
10:44:29 [jmorris]
s/having a/having/
10:44:35 [DKA]
10:44:44 [alissa]
dsinger: conlusion: this is a big fluid area
10:45:03 [alissa]
bryan_sullivan: who owns what is a key question
10:45:28 [alissa]
... as in, who owns data about my identity
10:45:29 [jmorris]
10:46:00 [alissa]
tlr: ownership is used in broader priv literature, but it's limited
10:46:21 [dom]
dom has joined #privacy
10:46:41 [drogersuk]
drogersuk has joined #privacy
10:47:25 [alissa]
Aram (?): machine-to-machine (m2m), like smart grid, is emerging
10:47:45 [alissa]
... info about people that they don't even know can be collected about them
10:48:10 [alissa]
tlr: interesting questions beyond javascript APIs
10:48:33 [alissa]
henry: ownership is the wrong framework
10:49:06 [alissa]
... value of info changes depending on who I got it from
10:49:53 [alissa]
dsinger: was talking about ownership of specs, not ownership of data
10:50:19 [alissa]
... nefarious web sites built with our specs are not our fault
10:51:03 [alissa]
new speaker: Pat Walshe, GSMA
10:51:42 [alissa]
EU commission is looking at who owns data
10:52:04 [alissa]
putting the user back in the center of things
10:52:34 [alissa]
... complex web of relationships around the user
10:52:47 [alissa]
10:53:16 [alissa]
Eric Schmidt recently said priv will become so impt that it will have to regulated on country-by-country basis
10:53:33 [alissa]
focus on consent is misguided
10:54:19 [alissa]
why "preservation" and "protection"? why not expression of choice and preference? innovation?
10:55:32 [alissa]
all different apps collect different kinds of data, but all claimed not to be PII
10:56:33 [alissa]
GSMA was concerned about what was happening with mobile privacy
10:56:55 [alissa]
... priv not being treated consistently or in functional terms
10:57:14 [alissa]
... security does not equal privacy
10:57:46 [alissa]
... looking for consistent priv experiences
10:58:28 [alissa]
how do entities across borders agree about how to respect my privacy?
10:58:51 [alissa]
privacy in standards: one approach is privacy principles
10:59:40 [alissa]
... users have priv needs and expectations that need to be incorporated into development processes
10:59:46 [jochen]
jochen has joined #privacy
11:00:13 [alissa]
... focus on outcomes
11:00:25 [alissa]
... long policies are not good outcomes
11:01:47 [alissa]
principles are looking at context-aware priv prompts
11:01:49 [jmorris]
jmorris has joined #privacy
11:02:10 [jmorris]
Present+ John_Morris
11:02:17 [alissa]
asking for consent for everything undermines privacy
11:02:43 [alissa]
privacy design guidelines useful for meeting global expectations
11:03:06 [alissa]
... expectations transcend borders and contexts
11:04:12 [alissa]
ISO is doing work on priv standards, regulators are involved
11:04:42 [alissa]
... some regulators concerned that SDOs can't get the job done themselves
11:04:52 [jmorris]
jmorris has joined #privacy
11:05:42 [alissa]
Article 29 working party out to set express consent baseline for applications
11:06:36 [alissa]
developers need something that they can understand
11:07:57 [alissa]
DKA: mentioned that ISO is opaque
11:08:16 [alissa]
... have lots of convos happening internally, but we're not talking to each other
11:08:32 [jochen]
I love those bug reports: I blocked the 3rd 7th and 9th cookie and now the page went in a redirect loop
11:08:52 [alissa]
... would like to see more transparency around those processes
11:08:54 [hendry]
11:09:46 [alissa]
Pat Walshe: our process is transparent now
11:10:19 [alissa]
tlr +1 to DKA
11:10:36 [alissa]
(speaker): what does GSMA do concretely?
11:11:00 [alissa]
Pat Walshe: have gotten members to agree to privacy principles
11:11:13 [jmorris]
11:11:33 [alissa]
... and priv design guidelines
11:12:11 [alissa]
previous efforts have been aimed at fixed line context
11:12:34 [alissa]
Sören: where do guidelines come from?
11:12:46 [alissa]
Pat Walshe: guidelines from many different members
11:13:26 [alissa]
ifette: how do you cut the crap out of priv policies?
11:13:48 [alissa]
... everyone has to explain the same nonsurprising stuff
11:14:39 [alissa]
Sören: users care about different things, may be surprised by diff things
11:15:10 [fjh]
need to focus on exceptions, management by exception
11:15:31 [alissa]
bryan_sullivan: priv by design still has a long way to go
11:15:46 [fjh]
+1 to ifette
11:15:49 [alissa]
... how are we going to determine conformance to PbyD principles?
11:16:03 [alissa]
Pat Walshe: looking at a seal program
11:16:05 [drogersuk]
I cannot believe that comment: "if you want to know what a cookie is, go to W3C" - that is so far out of touch with the reality of 99% of users to be offensive
11:16:37 [alissa]
rbarnes: GSMA has one API program that has good building blocks for higher layer decisions
11:17:16 [alissa]
Pat Walshe: one API allows one interface for buying on mobile
11:17:29 [alissa]
next speaker: Hannes Tschofenig
11:17:40 [karl]
drogersuk, the issue is not necessary where it is defined but more how people access it and in which language do we explain it. That's another issue of privacy policies. Living in a foreign country with a different language.
11:17:49 [alissa]
DKA: developers are interested in ideas around privacy guidelines
11:17:49 [jochen]
jochen has joined #privacy
11:18:44 [tlr]
11:18:53 [alissa]
HT: IAB shares goal with IETF of making internet work better
11:18:54 [rbarnes]
11:19:00 [drogersuk]
@karl, completely agree but most users do not have a clue about anything technical, we need to bring it down some notches to what is understandable
11:19:19 [alissa]
privacy = fair information practices
11:19:35 [alissa]
... no shortage on priv principles
11:20:33 [alissa]
IETF applies hybrid of PbyD and "priv by policy"
11:21:17 [alissa]
... PbyD is more understandable to engineers
11:21:25 [alissa]
... although it's often advocated by non-designers
11:21:52 [alissa]
role of SDOs
11:22:24 [alissa]
... some orgs are strongly focused on standardizing everything -- 3GPP, OMA, ETSI, ITU-T
11:22:47 [alissa]
... then proprietary: not Internet-based
11:23:02 [alissa]
... then built on top of standards
11:23:18 [alissa]
... need for standards decreases as you go up the protocol stack
11:24:14 [alissa]
... priv seals and certifications haven't provided a lot of value
11:24:28 [alissa]
... IETF has remained generic in protocol definition
11:26:14 [alissa]
IETF often standardizes after implementations and deployments exist, limiting designability
11:26:24 [karl]
programmatic forgetfulness = creating a system which makes it possible to automatically delete information against certain criterias (once seen by X, in 3 days, once seen by someone in that location, etc.)
11:26:49 [jmorris]
jmorris has joined #privacy
11:27:03 [alissa]
... pragmatic approach required
11:27:32 [jmorris]
jmorris has joined #privacy
11:27:37 [alissa]
IETF also often doesn't see what happens when things get deployed
11:28:54 [alissa]
... limits to what behavior IETF can dictate
11:29:29 [alissa]
Example: SIP
11:29:31 [karl],2340,en_2649_34255_1815186_1_1_1_1,00.html
11:29:40 [karl]
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
11:29:50 [alissa]
... protocol for sesson establishment and maintence
11:30:13 [alissa]
... priv not incorporated at first, but extensions developed throughout
11:30:38 [alissa]
... with deployments, got regulatory requirements and business requirements
11:30:51 [alissa]
... e.g., recording sessions
11:31:01 [karl]
IETF Policy on Wiretapping
11:31:37 [alissa]
... tension between security/priv and these requirements
11:31:42 [MikeS]
RRSAgent, make minutes
11:31:42 [RRSAgent]
I have made the request to generate MikeS
11:31:49 [alissa]
... e.g., lawful intercept
11:32:06 [alissa]
... question is how to tackle conflicting requirements?
11:32:18 [alissa]
things for W3C/IETF to do
11:32:25 [alissa]
... (acknowledging limitations)
11:32:31 [dom]
11:32:57 [dom]
(July 5 2010)
11:33:01 [alissa]
... feedback appreciated on priv terminology doc
11:33:20 [alissa]
... education and awareness for engineers
11:34:05 [alissa]
... guidelines for having privacy considerations in standards
11:34:52 [alissa]
... establish review teams for privacy considerations
11:36:19 [alissa]
would like to establish smilar views among other SDOs
11:36:49 [alissa]
... want to avoid forum shopping
11:37:17 [alissa]
identify implementation and research challenges (IRTF)
11:37:19 [dom]
-> Internet Research Task Force
11:38:07 [alissa]
education of regulators
11:38:41 [alissa]
... regulators can help increase transparency
11:39:34 [alissa]
bryan_sullivan: how is IPv6 going to affect privacy?
11:40:05 [alissa]
HT: if your IP address never changes, sites you visit will see it all the time, but there are standardized solutions to change that
11:40:54 [alissa]
Sören: theme seems to be need to cut down to simple decisions
11:41:14 [alissa]
... on other hand we have frameworks and guidelines
11:41:24 [alissa]
... lack of empirical evidence about what users want
11:41:30 [alissa]
... or what will surprise them
11:41:46 [alissa]
DKA: we are talking across a wide range of things
11:42:06 [alissa]
... PbyD can be about app or service, but HT was talking about design of protocols
11:42:35 [alissa]
Sören: IETF trying to engineer new protocols
11:42:44 [alissa]
HT: at the end it's about what goes over the wire
11:42:51 [alissa]
... but more complicated than that
11:43:05 [alissa]
... whole collection of entities need to work together
11:43:33 [alissa]
... e.g., XMPP made deliberate decision to route all traffic through core nodes, but could be totally different
11:43:58 [alissa]
Pat Walshe: research has been conducted about what people want
11:44:04 [alissa]
... but we need more
11:44:41 [alissa]
... guidelines are needed to unify across platforms
11:45:42 [alissa]
tlr: there are diff pieces of the system that have entirely different privacy discussions
11:46:21 [alissa]
... location acquisition (GPS, cell triangulation) vs. consumer of location information
11:46:40 [alissa]
... designing pieces of protocol vs. pieces that interface with apps
11:47:03 [alissa]
DKA: only as private as the weakest privacy link
11:47:36 [tlr]
11:48:02 [alissa]
HT: we did something specific in geolocation about how granular preferences are
11:48:57 [alissa]
Pat Walshe: speech-to-text app dropped in rankings because it started invading privacy
11:49:22 [alissa]
Kasey Chapelle: privacy fiascos tell us about what users want
11:49:58 [alissa]
dsinger: targeted advertising spooks people
11:50:36 [alissa]
John Carr: many companies shape consumer expectations, don't they have an ethical view of these questions?
11:51:21 [alissa]
(speaker?): have done consumer research
11:51:37 [alissa]
... we shouldn't make decisions for consumers
11:52:08 [alissa]
... but we've found that there's a big difference between sharing with friends and sharing with companies
11:52:15 [tlr]
s/(speaker?)/Zoli Piroska/
11:52:25 [alissa]
... most privacy issues are with friend sharing
11:52:52 [alissa]
... company data collection is important, but consumers care about social sharing more
11:53:34 [alissa]
tlr: powerful frame for a general discussion
11:54:09 [alissa]
rbarnes: challenge Kasey notion that we know what consumers want
11:54:17 [alissa]
Kasey: we learn from fiascos
11:55:17 [alissa]
dsinger: all of my transactions used to be physically distinct
11:56:38 [alissa]
drogers: different users have diff expectations
11:57:49 [alissa]
alissa: consumers can't care about things they don't know about
11:58:01 [alissa]
lunch time!
12:16:48 [MikeS]
MikeS has joined #privacy
12:17:10 [MikeS]
RRSAgent, make minutes
12:17:10 [RRSAgent]
I have made the request to generate MikeS
12:18:33 [MikeS]
MikeS has joined #privacy
12:28:48 [MikeS]
MikeS has joined #privacy
12:59:13 [jochen]
jochen has joined #privacy
13:02:37 [Kangchan]
Kangchan has joined #privacy
13:02:58 [jmorris]
jmorris has joined #privacy
13:04:50 [Kangchan]
Kangchan has joined #privacy
13:06:10 [alissa]
alissa has joined #privacy
13:07:34 [soonho]
soonho has joined #privacy
13:11:07 [dsinger]
dsinger has joined #privacy
13:11:09 [cullenfluffyjenni]
cullenfluffyjenni has joined #privacy
13:13:18 [jochen]
jochen has joined #privacy
13:14:40 [tlr]
tlr has joined #privacy
13:15:24 [dsinger_]
dsinger_ has joined #privacy
13:15:44 [karl]
useful for this workshop Poyozo is an automatic, personal diary system to help reclaim and consolidate your ever-expanding digital life with simple visualizations that you can use every day.
13:15:54 [karl]
scribenick, karl
13:15:59 [dom]
13:16:23 [karl]
topic: Consumers' privacy decision-making
13:16:31 [pkelley]
pkelley has joined #privacy
13:16:53 [rbarnes]
rbarnes has joined #privacy
13:17:01 [karl]
soren: I have been looking at how users make decisions
13:17:36 [drogersuk]
drogersuk has joined #privacy
13:17:50 [karl]
... if users are not satisfied with their privacy will feed competition.
13:18:19 [karl]
... toxic triangle: cancel and switch / false data / cancel
13:18:21 [dom]
13:18:38 [karl]
... these will create negative business impacts
13:18:47 [wonsuk]
wonsuk has joined #privacy
13:18:50 [karl]
... we do not know why people switch between these three
13:19:29 [karl]
... privacy negotiation is not necessary formalized. It can be a straightforward process.
13:19:47 [karl]
... There could be incentives behind privacy questions.
13:19:58 [fjh]
fjh has joined #privacy
13:20:47 [karl]
... Privacy practices have been better when you have more users, longer history, bigger web sites, etc.
13:21:05 [karl]
... This is correlation and not causality.
13:21:19 [bryan_sullivan]
bryan_sullivan has joined #privacy
13:21:27 [karl]
... We did laboratory experiment.
13:21:42 [karl]
... We really need more data by observing people.
13:21:49 [karl]
... We need to know what people do.
13:23:17 [karl]
... experiment made around buying DVDs.
13:24:13 [karl]
... Two companies forms look like exactly the same
13:25:59 [karl]
... on one side we asked for the colour on the other one for the income for the same price. And the an additional case with a lower price.
13:27:08 [karl]
... if the price is better, they are ready to give more information.
13:27:16 [karl]
... they go to discount instead of privacy.
13:28:19 [karl]
xxx: what was the population distribution?
13:28:23 [karl]
soren: students.
13:28:32 [karl]
xxx: did they have incomes at all?
13:29:26 [karl]
soren: the experiment was real. They really bought the DVD.
13:29:34 [dsinger]
s/xxx/several people/
13:30:10 [karl]
kai: is the sample too low?
13:30:25 [karl]
soren: it's too low for binomail interpolation
13:30:32 [MikeS]
MikeS has joined #privacy
13:30:42 [MikeS]
RRSAgent, make minutes
13:30:42 [RRSAgent]
I have made the request to generate MikeS
13:30:45 [karl]
... but it's fine for the studies.
13:31:20 [dsinger]
13:31:32 [karl]
... we know that people made this choice even if they were not satisfied about it
13:31:57 [dom]
s/studies/heuristics studies/
13:32:54 [karl]
... we asked them if they were willing to reveal their data.
13:33:36 [karl]
... people will user the cheaper company against their own rules.
13:35:22 [karl]
... data about privacy preferences are not homogeneous.
13:35:58 [karl]
... valid experiments reveal user's privacy decision-making.
13:36:05 [karl]
... forget intuitions
13:36:16 [karl]
... collect real data from experiments.
13:37:10 [karl]
bbb: it's difficult to assess what users want in this kind of experiment for zzz
13:37:15 [karl]
soren: true
13:37:37 [karl]
... maybe collection is not the right thing to test, but the use.
13:38:21 [dom]
13:38:22 [karl]
Topic: User-Controllable Location Privacy
13:39:05 [tlr]
13:39:13 [karl]
pkelley: We are actually working with users.
13:39:21 [karl]
... to be sure the information is really usable.
13:39:28 [darobin]
darobin has joined #privacy
13:39:35 [MikeS]
MikeS has joined #privacy
13:40:00 [karl]
... Users have things more and more difficult to configure.
13:40:05 [karl]
... example a router.
13:40:35 [karl]
... I will focus on sharing in a mobile social way.
13:41:15 [karl]
... These apps on mobile location have been developed by dozens.
13:41:39 [karl]
... We do not have yet a situation of the size of Facebook, even 4square.
13:42:11 [karl]
... We developed Locaccino in a way to study the privacy settings and their usage.
13:42:37 [karl]
... We study how they use their phone on a long term.
13:43:25 [karl]
... There is no policy which makes it acceptable for every type of users.
13:43:30 [karl]
... It doesn't exist.
13:44:25 [karl]
... people have been asked for every location what would be their sharing behaviour.
13:44:55 [karl]
... Is it possible to group the results in a way which is meaningful for creathing rules.
13:45:38 [karl]
... location rules don't exist
13:45:43 [karl]
... time rules don't exist
13:46:07 [karl]
... you can only put in group rules
13:46:14 [karl]
... (friends, etc.)
13:47:19 [karl]
... The white list is the lowest "average time shared"
13:47:31 [karl]
... for each type of groups.
13:47:57 [karl]
... People do not want to share with Advertisers group
13:48:10 [Zakim]
Zakim has left #privacy
13:49:03 [Younsung]
Younsung has joined #privacy
13:50:06 [jochen]
jochen has joined #privacy
13:50:11 [karl]
... Future work
13:50:30 [karl]
... soft paternalism…
13:50:50 [karl]
... We have been running the system for 3 years and thousands of people
13:51:01 [karl]
... users have complex privacy settings
13:51:08 [rbarnes]
rbarnes has joined #privacy
13:51:57 [karl]
... There are not enough people using LBS to be sure about the true complexity of your Privacy policies.
13:52:29 [karl]
... approving and disapproving a friend, your mother and your work colleague are quite hard challenges.
13:52:43 [karl]
... We need time to see how it will evolve.
13:53:43 [karl]
... we have studied labels design and we come up with two types of designs.
13:54:36 [karl]
... The table one was the more effective overall.
13:55:42 [karl]
... 20% of people miss the word cookie in the middle of a paragraph.
13:55:50 [karl]
... People prefer the graphical approach.
13:56:36 [karl]
kai: did you measure blacklist and whitelist?
13:56:52 [karl]
pkelley: no, we didn't
13:57:07 [karl]
ccc: blabla
13:57:20 [karl]
pkelley: I can't answer this question
13:58:00 [karl]
... I'm not sure I can believe users, but it's what they report.
13:58:14 [karl]
dka: location obnoxious
13:58:54 [karl]
pkelley: It is often unclear what is the ideal outcome
13:59:15 [karl]
... where do you try to push the users to?
13:59:32 [karl]
... people do not want to be completely private.
14:00:02 [karl]
... Nudging could be "Are you really sure to do that?"
14:00:13 [karl]
DKA: Users might turn off
14:00:21 [karl]
pkelley: yes indeed.
14:01:00 [karl]
dsinger: did you dig in personal preferences or is it just the results of social context?
14:01:23 [karl]
pkelley: Long time research shows that people are not going to many places
14:01:33 [karl]
... it's hard to find out
14:01:41 [karl]
... the quality of data.
14:01:49 [karl]
s/find out/assess/
14:03:42 [Simon]
Simon has joined #privacy
14:04:13 [cullenfluffyjenni]
Is there a twitter tag people are using for this workshop ?
14:05:25 [dom]
14:06:17 [pkelley]
pkelley has joined #privacy
14:07:16 [karl]
Topic: Access Control is an Inadequate Framework for Privacy Protection
14:07:28 [karl]
lalana: I do not propose any technical solutions.
14:07:44 [karl]
... I will propose future directions researchs.
14:07:58 [karl]
... Brandeis = access to information
14:08:08 [karl]
... willis = use of information
14:08:35 [karl]
... sensitive information can be inferred from public resources.
14:08:40 [karl]
14:09:06 [karl]
... (slide 3 of 9)
14:09:43 [karl]
... Once I have access to an information, I can post it in another context
14:10:03 [karl]
... but the context has changed and then I might violate the privacy of a friend
14:10:36 [karl]
... Gaydar project helped to reveal the sexual orientation in Facebook.
14:10:51 [karl]
... even with people having totally private profile.
14:11:15 [karl]
... It was before the list of friends was made public.
14:11:48 [karl]
... We should have system where data could be used in a more sensitive way.
14:11:52 [shepazu]
shepazu has joined #privacy
14:12:27 [karl]
... privacy social systems should be built in accordance of physical social norms
14:13:07 [karl]
... Signals and signs in human society describe behavior (example car parking sign)
14:13:37 [karl]
... There are mechanisms to identify violators and to respect the rule.
14:14:09 [karl]
... We do not know if there is a technical solutions.
14:14:18 [karl]
... we have ideas about possible systems
14:14:30 [karl]
... give enough information to users to make decisions.
14:14:46 [karl]
... If their privacy will be respected, if they should sue, etc.
14:15:01 [karl]
... Google Dashboard goes into the right direction.
14:15:40 [karl]
... information accountability should be supported.
14:15:46 [rbarnes]
rbarnes has joined #privacy
14:16:03 [karl]
... We are interested in privacy enabling interface design.
14:16:28 [karl]
... When I try to copy a picture, make a box for warning the users of the context of the photos.
14:17:00 [karl]
... Not an enforcement mechanisms but an information that users will be reminded of the privacy context.
14:17:29 [karl]
... policy awareness through icons for example.
14:17:58 [jochen]
jochen has joined #privacy
14:18:16 [karl]
... privacy nudges help to prevent users to send emails.
14:18:40 [karl]
... "Are you sure you want to send to all these people?"
14:19:17 [karl]
... Before you submit, having a message explaining the consequences.
14:19:31 [karl]
... There are works on data usage.
14:20:24 [karl]
karl: you need a google account to check google dashboard. It's an issue.
14:20:32 [karl]
lalana: indeed.
14:20:46 [karl]
dsinger: question
14:20:47 [soonho]
soonho has joined #privacy
14:21:07 [karl]
lalana: When I see the CreativeCommons I can make a decision to care or not care about
14:21:13 [karl]
... but I make an informed choice.
14:21:36 [karl]
casper: access control is only a part of the solution
14:21:58 [karl]
... but you should distinguish the notion of social networks and user with organizations.
14:22:54 [karl]
... access control is different, for example, for employees of organization dealing with users data.
14:23:52 [karl]
lalana: discussing with facebook people, they said that "oh we tell them to not look at the data"
14:24:15 [karl]
casper: at microsoft, we have very strict policies.
14:24:38 [karl]
... very small set of persons access emails for example.
14:25:07 [karl]
dka: Who at facebook look at the picture?
14:25:47 [karl]
hstory: one of the weird things with a network with a uri and a photo.
14:26:20 [karl]
... Even for access control, there is a need for interface
14:26:38 [karl]
... it's much easier to link to photos than copy.
14:27:13 [karl]
... Access control for friends is necessary too.
14:27:51 [karl]
dka: how do we make privacy information usable in many different contexts and for different type of users?
14:29:09 [karl]
tlr: people have no idea when they are asked.
14:29:55 [karl]
... disconnect about what they have set and what they say they have set.
14:30:28 [Younsung]
Younsung has joined #privacy
14:30:58 [karl]
aaa: People are bad at making decisions about their privacy in advances
14:31:16 [karl]
... maybe the best way is to let people know after the facts the implications.
14:31:33 [karl]
soren: Nudges remind me of a paperclip.
14:31:39 [karl]
... it can be annoying.
14:32:18 [karl]
aaa: icons are meaningful, tables are meaningful.
14:32:33 [jochen]
jochen has joined #privacy
14:32:36 [karl]
bbb: this is nothing new. You trust your bank.
14:32:55 [karl]
... Vodafone can listen any of your conversations.
14:33:49 [karl]
hstory: the best way to help users would be to have systems what their page look like for another user.
14:34:15 [drogersuk]
drogersuk has joined #privacy
14:34:25 [karl]
ccc: people do not want to have to configure.
14:34:45 [karl]
... is there more things we can do for defaults.
14:35:08 [karl]
soren: How to choose the default is the issue. There are very powerful.
14:35:49 [karl]
pkelley: there could be a set of predefined defaults
14:36:06 [karl]
... the issue is when they change the sets
14:36:16 [karl]
... it's what happening with Facebook.
14:36:47 [karl]
soren: giving an example of 4 sets.
14:37:26 [karl]
alissa: what are the things which are right for standardization?
14:37:38 [karl]
... Is it better to have competition
14:37:48 [karl]
... is it better to have the same for every companies
14:37:57 [tlr]
Lalana's slides:
14:38:28 [karl]
lalana: standardizing icons could be good thing
14:40:07 [karl]
ianfette: In real life, companies are not necessary comfortable with generic profiles.
14:40:26 [karl]
... they want to know exactly what the user wants.
14:41:08 [karl]
... antifishing practices
14:41:59 [karl]
... each time a user is confronted with something new, users are freaking out about it.
14:42:27 [karl]
tlr: we should take into consideration the length of time the users are freaked out.
14:42:51 [karl]
lalana: is it a question of design of interface
14:43:01 [karl]
ianfette: I do not think it will solve it.
14:43:20 [karl]
ddd: we know that people do not know what they want.
14:44:10 [karl]
... should people care about privacy?
14:44:57 [karl]
pkelley: researchs help to figure out some of the data around privacy policies.
14:45:32 [karl]
14:46:03 [karl]
aza: for most of people, it goes over their head
14:47:01 [karl]
kai: what about users who never find out?
14:47:32 [karl]
... every time you visit a Web site, they check. Nobody knows that.
14:47:58 [karl]
soren: if they learn it later on in NYT, they will really freak out.
14:48:39 [karl]
eee: Google has no way inferring the uri because of a hash.
14:49:05 [karl]
fff: What kind of change do you need?
14:49:53 [karl]
ianfette: (missed the answer)
14:50:30 [karl]
ggg: What is the best way to communicate to users what they want
14:50:35 [karl]
... they know what they want
14:50:44 [wonsuk]
wonsuk has left #privacy
14:52:11 [karl]
tlr: the question is often the mismatch between what the user wants and what is happening
14:52:58 [karl]
casper: we can learn a lot of p3p
14:53:15 [karl]
... if we do not remember that stuff, we will fail.
14:53:55 [karl]
ianfette: some things just do not work.
14:54:46 [MikeS]
RRSAgent, make minutes
14:54:46 [RRSAgent]
I have made the request to generate MikeS
15:17:07 [soonho]
soonho has joined #privacy
15:21:43 [drogersuk]
drogersuk has joined #privacy
15:21:51 [alissa]
alissa has joined #privacy
15:22:11 [rbarnes]
rbarnes has joined #privacy
15:22:55 [bryan_sullivan]
bryan_sullivan has joined #privacy
15:23:27 [darobin]
darobin has joined #privacy
15:24:03 [DKA]
15:24:12 [darobin]
jochen: geolocation is a content setting
15:24:21 [cullenfluffyjenni]
Talk about geolocation api and problems implementation of it
15:24:22 [darobin]
... the spec tells you to get consent from the user
15:24:41 [darobin]
... you should include the URI of the respource that wants geolocation
15:24:55 [darobin]
... but it's not just text+markup, it's an application stack
15:25:33 [rbarnes]
rbarnes has joined #privacy
15:25:38 [darobin]
... the straightforward approach is to just prompt the user with lengthy information about where the javascript requesting info comes from
15:25:49 [darobin]
... it's complex because there can be iframes and remote scripts involved
15:26:14 [darobin]
Sören: do you need an API key to use the Google geolocation service
15:26:15 [pkelley]
pkelley has joined #privacy
15:26:23 [darobin]
jochen: only for mashups
15:26:29 [darobin]
kai: with v2 you don't need it
15:26:39 [darobin]
ian: this is a generic problem with javascript on the web
15:26:48 [darobin]
jochen: including the domain, but of what?
15:27:05 [darobin]
... you have to track where each piece of js comes from, and what it's talking to
15:27:27 [darobin]
... once you have permission from the user, the spec says she should be able to change her mind
15:27:38 [darobin]
... which means you then need some UI to make this accessible
15:27:55 [darobin]
... if you go to it's easy, everything's from google
15:28:09 [darobin]
... (demonstrates infobar in chrome)
15:28:46 [darobin]
... an icon in the address bar tells you that the page is using geo, and you can revoke
15:28:53 [darobin]
... it's accessible, but that's the easy case
15:29:18 [darobin]
... (shows the same case, but with google maps embedded in a third party site)
15:29:38 [darobin]
... should we show this as google requesting or as the 3rd party site requesting?
15:29:43 [darobin]
... it's not an easy question
15:29:55 [darobin]
... we ask the user for what's included
15:30:32 [darobin]
.... but if you go to the revocation UI it shows the permission for what's included as embedded by the third party
15:30:58 [darobin]
RB: do you go several levels of embedding down?
15:31:05 [darobin]
jochen: no only one
15:31:26 [darobin]
tlr: you're matching on the top origin and on the embedded origin?
15:31:28 [darobin]
jochen: yes
15:31:52 [darobin]
... in-between levels of embedding, if any, are not listed
15:32:30 [darobin]
... the reason it took me 8 clicks to get to these settings is because we believe that this is a level of detail that is too advanced for users
15:32:57 [darobin]
... we had a similar settings exposed for cookies earlier
15:33:08 [darobin]
... but users used them in random ways that broke websites
15:33:18 [darobin]
kai: so you think it's too complicated, and therefore hide it?
15:33:49 [darobin]
jochen: yes, average users don't understand embedding
15:33:57 [darobin]
kai: it could just be your UI design that's bad
15:34:19 [darobin]
ianf: only 10% of users even understand the menu from the icon in the address bar
15:34:46 [darobin]
dka: do you know whether or not average users are paying attention to that icon
15:34:58 [darobin]
[scribe may have misunderstood ianf's input]
15:35:19 [darobin]
jochen: we track this information, but the data are skewed
15:35:32 [darobin]
... but based on the data we have people don't use them
15:35:47 [darobin]
alissa: how many people are going to location-aware sites?
15:35:55 [darobin]
jochen: google home page, google mobile...
15:36:18 [darobin]
tlr: alissa's question is how many folks are exposed to an activated geo page, and how many use the icon
15:36:41 [darobin]
jochen: I can't tell for chrome, but for the mobile browser location is a highly used feature
15:37:04 [darobin]
dka: on the android browser I don't see the icon
15:37:12 [darobin]
jochen: it's not there currently
15:37:20 [darobin]
tlr: what were your considerations in changing it
15:37:54 [darobin]
jochen: we found that the way we used to do it (accept once) was not what users wanted — controlling geo more granularly should be easy
15:38:14 [darobin]
... you don't want to share your location every time you open maps
15:38:32 [darobin]
sören: how many people revoke permissions:
15:38:34 [darobin]
ianf: none
15:38:42 [drogersuk]
drogersuk has joined #privacy
15:38:46 [darobin]
kai: are you going to make the android UI the same?
15:38:58 [darobin]
jochen: there isn't a lot of room...
15:39:13 [darobin]
dka: there's the title bar with room
15:40:01 [darobin]
jochen: from an implementers' point of view we'd like to see standards that take usabiilty into account
15:40:10 [wonsuk]
wonsuk has joined #privacy
15:40:14 [darobin]
... try browsing with cookies set to "promtp" to get an idea
15:40:35 [darobin]
... you don't want to prompt the user all the time
15:40:53 [darobin]
... you want a way to grant permissions for an entire web application
15:41:03 [darobin]
room murmurs "widgets" a lot
15:41:25 [darobin]
... if you don't grant access, the application doesn't get installed (or doesn't run)
15:42:12 [darobin]
jochen: in chrome we have a file api that grants access to a virtual file system
15:42:22 [darobin]
... it can be granted to a given origin, and no other website can access it
15:42:36 [darobin]
... it's tightly sandboxed
15:43:01 [darobin]
kai: over time you can build up a large number of sites which you trust, can that be saved and sent to another chrome browser?
15:43:07 [darobin]
jochen: yes, with chrome sync
15:43:21 [darobin]
jochen: the file system API is a good example of privacy by design
15:43:23 [karl]
sometimes, you can't know beforehand.
15:44:02 [karl]
example: The Facebook like button which are tracking fb users out there even if they do not click the "like" button.
15:44:15 [karl]
s/which are/which is/
15:44:20 [darobin]
... designed in such a way that you don't need to prompt the user
15:44:31 [darobin]
robin: is that the DAP/WebApps file system API?
15:44:33 [darobin]
ianf: yes
15:44:57 [darobin]
alissa: geo says nothing about the iframe issue, you guys took it upon yourselves to handle that
15:45:12 [darobin]
jochen: from an implementers' perspective, you know these things and you have to deal with them
15:45:24 [darobin]
dom: have you submitted that to the WG?
15:45:27 [darobin]
ian: yes
15:45:35 [darobin]
... and our solution is conforming
15:45:50 [darobin]
... but had the spec been wrong, we would have ignored it
15:45:59 [darobin]
tlr: the specification could use some clarification, possibly
15:46:30 [darobin]
dka: there might be a disconnect between the creation of the API and the implementation
15:46:46 [darobin]
... google was a key driver in the development of the API, so we need to work on closing that loop
15:47:10 [darobin]
cullen: problems for mobile implementation, the icon is a problem?
15:47:21 [tlr]
s/the specification could use some clarification, possibly/the specification seems clear if you read it with a spec-writer's mindset. interesting that there's a need for clarification/
15:47:23 [darobin]
jochen: no, there wasn't much thought put into what the UI ought to do
15:47:39 [darobin]
jmorris: but that's because google was against us saying anything useful about the UI
15:47:58 [darobin]
cullen: is your complaint that we chose the wrong thing or that you couldn't figure out which is best?
15:48:15 [darobin]
jochen: including these sections in specs is good
15:48:25 [darobin]
cullen: missing the details of what you were missing, we want it
15:48:47 [darobin]
tlr: think we will come back to this in the final discussion
15:48:56 [darobin]
dka: implementation experience is crucial
15:50:49 [dom]
15:50:49 [darobin]
Marcos Caceres, Opera — Privacy of Geolocation Implementations
15:51:08 [darobin]
marcos: I looked at chrome, opera, mobile safari
15:52:02 [darobin]
... firefox
15:52:26 [darobin]
... I made a critical framework including Accessibility, Control, and Confidentiality
15:53:00 [jochen]
jochen has joined #privacy
15:53:12 [dom]
(the book/author are "Database Nation: The Death of Privacy in the 21st Century", by S. Garfinkel)
15:53:19 [darobin]
... in iOS, all apps must get user permission
15:53:33 [dom]
-> Marcos' paper: Privacy of Geolocation Implementations
15:54:11 [dom]
it actually was The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, Solove
15:54:15 [darobin]
... lots of modal dialogs lead to click fatigue, you can't see what's on the website while the dialog is up
15:55:10 [darobin]
[less scribing for Marcos as he has slides people can read]
15:55:42 [darobin]
... iOS has 50 pages of unreadable text with unclickable URLs
15:55:47 [darobin]
... it's super frustrating
15:55:48 [dom]
"hard to read gray" (tm)
15:55:57 [darobin]
... but users probably just don't care
15:56:28 [darobin]
... revocation can only be done in a very well hidden screen
15:56:48 [darobin]
... potentially that could be improved [speaker enjoys udnerstatements]
15:57:01 [darobin]
... in v4 there's an indicator
15:57:10 [darobin]
... there's a semiotic connection there
15:57:51 [darobin]
sören: I had a problem with the first dialog — does "current" location mean current = now or current as in always current
15:57:57 [darobin]
marcos: yes, it's unclear
15:58:08 [darobin]
alissa: does the permission time out after 24h
15:58:09 [dom]
[I wonder if any of the implementations make a distinction between watchPosition() and getCurrentPosition() ]
15:58:11 [DKA]
[also, it does not ask you "remember? yes/no"
15:58:12 [darobin]
marcos: I don't know
15:58:45 [darobin]
... verdict: iOS not very accessible, some level of control, some level of confidentiality
15:59:25 [darobin]
... moving on to firefox
15:59:50 [darobin]
... more control, non-modal, access to learning more about the privacy policies
15:59:55 [karl]
[It would be fun to be able to define shapes of location forbidden for tracking. Automatic switch… but how do you know you are out of the shape :)
16:00:04 [darobin]
... the FF guys have done great work
16:00:07 [darobin]
... but
16:00:31 [darobin]
... if you want to do more advanced tasks, you gotta go to access:config
16:00:37 [darobin]
... way too technical
16:01:14 [darobin]
... it will even warn you against hacking it
16:02:01 [darobin]
... verdict: hard to manage sites, control hard to change, hard to make confidential
16:02:19 [darobin]
tlr: can you remind me how I can find out whether a site I'm using is tracking me?
16:02:35 [darobin]
marcos: it's somewhere under tools
16:02:39 [darobin]
... not easy
16:02:45 [darobin]
... looking at Opera now
16:02:56 [darobin]
... similar to FF, no access to privacy policy
16:03:28 [darobin]
... reason for that is that on first use of the feature we display T+C for the service
16:04:03 [darobin]
... it's quite bad, it has links but no back button so that if you click one of the links you lose the policy and can't read the rest
16:04:12 [darobin]
... this is what happens when you mate lawyers and UI people
16:04:18 [darobin]
... we are going to fix that
16:04:43 [darobin]
... FF approach better
16:05:06 [darobin]
dka: this is the geo policy right, not the requesting site's policy?
16:05:10 [darobin]
marcos: correct
16:05:37 [darobin]
... our location provider dialog is also in opera:config
16:05:44 [darobin]
... a little more accessible than the FF version
16:06:07 [darobin]
... some built a fake Opera Unite geo provider so that people can fake their own location
16:06:13 [darobin]
... which is handy
16:06:34 [darobin]
... the contextual help for the dialog says "no data available"
16:07:01 [darobin]
verdict: accessibility yes, control yes but hidden, confidentiality yes
16:07:25 [darobin]
... now looking at chrome
16:07:44 [darobin]
... kudos to the chrome guys for solving the embedding problem
16:08:00 [darobin]
... we people who work for browser vendors are kind of unique
16:08:37 [darobin]
... verdict: accessibility yes, control yes but no control over provider, confidentiality yes
16:09:14 [darobin]
... do we need more standards for UI? or leave it to the market?
16:09:26 [rbarnes]
side-by-side comparison of the four desktop implementations on Mac OS:
16:09:28 [darobin]
... equivalent to the padlock for https
16:09:52 [darobin]
... browsers have different icons, should we align? and if so how?
16:10:08 [darobin]
... we compete on user experience
16:10:21 [dom]
[the limit of UI indicators is: how many of them can you usefully deploy as the number of indicators grow (e.g. with the number of APIs]
16:10:28 [darobin]
sören: there's also the RSS icon where the market found a solution
16:10:56 [darobin]
karl: what's frustrating with multi browsers is that you have to control your preferences n times
16:11:02 [darobin]
... it would be good to have a common standard for that
16:11:12 [darobin]
marcos: people use different browsers for different things
16:11:19 [darobin]
[scribe agrees with karl]
16:11:53 [darobin]
chris: am I gonna to have to go through all these menus and indicators?
16:12:04 [darobin]
marcos: depends on how much you care about revoking and various services
16:12:05 [rbarnes]
+1 to karl / ian / scribe
16:12:14 [darobin]
... the ccritical side is the server-side too
16:12:28 [darobin]
... we're going to fix it over time though, don't know how but that's why we're here
16:12:36 [karl]
[it could be multiple profiles, but a standard format across browsers for preferences including privacy settings would be super helpful]
16:13:27 [darobin]
sören: I think it's okay to have complexity because at one point in time you will have an addon that hides that complexity. We can have complexity so long as there is a way for third-parties to fix it
16:13:35 [darobin]
marcos: there is no API to access this though
16:14:02 [darobin]
tlr: for our purpose there is a UA that has access to a sensor, there are inherent issues with that and how it interacts with the web
16:14:18 [darobin]
drogersuk: in desltop we have more screen space, in mobile it's constrained
16:14:33 [darobin]
... you run the risk of having lots of blinking lights that make things hard to use
16:14:49 [darobin]
marcos: yes, we're looking for solutions
16:15:57 [darobin]
richard: a lot of the implementation concerns ought to be rolled back into the spec
16:16:09 [darobin]
... it's striking how similar the implementations are
16:16:21 [darobin]
marcos: people are violently against this, there might be a new WG?
16:16:42 [drogersuk]
no need to create another working group
16:16:53 [drogersuk]
confront this head on in our existing working groups
16:16:57 [drogersuk]
(my view)
16:17:09 [darobin]
16:17:29 [darobin]
ioannis up now
16:17:30 [karl]
16:17:56 [darobin]
ioannis: location privacy is not just about not revealing where you are right now, but mostly about past locations
16:18:30 [karl]
[location privacy idea: if you are at less than 500m from this person, hides me]
16:18:31 [darobin]
... some services don't require that you identify yourself to use geo
16:18:41 [darobin]
... eg google maps don't require a google account
16:18:46 [darobin]
.... we like that usage
16:18:50 [karl]
16:19:14 [darobin]
... we want to provide unlinkability between the locations that have been provided
16:20:09 [darobin]
... threat comes from unique identifiers (IP addresses, esp ipv6, cookies, LSO) plus geo
16:20:18 [karl]
[people laughing at]
16:20:22 [darobin]
... there are some defense mechanisms
16:20:33 [darobin]
... (shows the panopticlick study)
16:20:52 [darobin]
... footprinting attack remove the need for cookies
16:21:17 [darobin]
... 94% of browsers are unique if you have java/js/flash
16:21:48 [darobin]
... footprinting can therefore be used in conjunction with geo, which can lead to building location traces
16:22:11 [darobin]
... services might not know to whom the location belong, but it only takes one idenfitication to create that link
16:22:19 [darobin]
... FB Share for instance is enough
16:22:45 [darobin]
... another attack can be built on the fact that people move in restricted spaces and move in restricted patterns
16:23:47 [darobin]
... the threat becomes more interesting if we think of 3rd party geo providers who accumulate information sent to many websites
16:24:17 [darobin]
... they concentrate a lot of information
16:24:42 [darobin]
... solution approaches with privacy by policy
16:25:02 [darobin]
... but these are not tamper proof against stronger attackers not deterred by regulation
16:25:09 [darobin]
... and accidental disclosure happens
16:25:54 [darobin]
... looking at privacy by design, there's minimisation (for geo, granularity of information)
16:26:08 [darobin]
... but this does not solve the 3rd party geo provider issue
16:26:20 [darobin]
... and also only works when precise location is not required
16:26:51 [darobin]
... we could decrease footprinting, e.g. suppressing Java
16:27:39 [darobin]
... we could have a monitoring process that computes our general privacy exposure
16:27:45 [dom]
[but who monitors the monitor? :) ]
16:28:02 [karl]
[need to be on the browser side?]
16:28:25 [darobin]
... maybe the W3C could enforce some additional measures for web browsers
16:28:58 [darobin]
tlr: we might persuade, not sure we can send the conformance police
16:29:36 [darobin]
henry: what you're pointing out is that geo info is sent and can be tied to identity — what is needed is a very clear way for users to change identities, not sure it is possible
16:29:58 [darobin]
... currently at the SSL layer, browsers send certificates without asking you, it is hard to change
16:30:10 [darobin]
... FF working on an identities framework
16:30:17 [darobin]
... privacy is identity plus extra information
16:30:27 [darobin]
... if you can't change the identity you're in trouble
16:30:49 [darobin]
tlr: no, there are ways of tracking users based on incidental information — no need for actual identity to track
16:31:00 [darobin]
... how do we avoid unintended user identification
16:31:14 [darobin]
dave: it's very difficult to prevent footprinting attacks
16:31:49 [darobin]
dave: you said you wanted to reveal when the user has revealed "too much". How? What is too much?
16:32:07 [darobin]
ioannis: we would need a metric, we don't have it now
16:32:37 [darobin]
... it depends on the level of precision of your location, the frequency, the location of what it is (house or other)
16:32:40 [bblfish]
bblfish has joined #privacy
16:32:43 [darobin]
... lots of contextual information needed
16:32:54 [darobin]
... I don't think that we have the means to do it right now
16:33:24 [darobin]
dom: related to massive data aggregration, does any implementation distinguish between getPosition and watchPosition?
16:33:37 [darobin]
... and throttling
16:33:45 [darobin]
marcos: Opera does, though it's a bit hidden
16:34:05 [darobin]
dom: you're talking about the service provider, not at the API level
16:34:08 [darobin]
marcos: I don't know
16:34:20 [darobin]
sören: wouldn't it be great if Amaya implemented geo?
16:34:30 [darobin]
tlr: we'd need a javascript runtime first...
16:34:41 [darobin]
marcos: we haven't had that many issues, no showstoppers
16:34:58 [darobin]
ianf: suggestions that now that we have this experience we shold shove it in the spec
16:35:05 [karl]
[just for clarification, Amaya is not a reference implementation, but a tool to test a few things]
16:35:10 [darobin]
... I think that we're still experiementing, shouldn't overspecify
16:35:23 [darobin]
... great to document best practices, but we should be careful with detail
16:36:02 [darobin]
richard: I wasn't thinking about making it normative, but document it in the spec so that it is captured
16:36:19 [darobin]
jochen: it is important to keep in mind when writing specs that someone will have to implement it
16:36:46 [darobin]
dka: this is important because geo is rechartering, this is useful feedback
16:37:02 [bblfish]
so one issue is simply that it should be possible for the user to change their logged on identity. I think Firefox is working on the Weave plugin, which I suppose I am now thinking is an important solution.
16:37:06 [darobin]
... what can we pull out of this that could apply to DAP, eg the camera?
16:37:19 [darobin]
... can we apply the geo lessons to camera, etc. or is it all too different?
16:37:39 [bblfish]
then there are issues with client certs. Chrome has a bug issue on this
16:37:39 [darobin]
jochen: one basic thing is that it ought to be asynch
16:38:47 [darobin]
robin: all the DAP APIs have asynch security entry points
16:39:09 [darobin]
karl: do we know how many people want to share their location versus people who just want to know their location?
16:39:18 [darobin]
jochen: I don't have data about that
16:40:17 [darobin]
dom: notion that accessing the data locally will have a different impact than getting it off the network — though of course if you have a map it goes back to the map provider
16:40:33 [darobin]
ianf: most browsers use a remote service to get the lcoation anyway
16:40:48 [darobin]
tlr: that's one provider though, as opposed to an indeterminate number of sites
16:41:21 [darobin]
henry: issue with javascript and asynch, what happens if your browser is a web server and your geo data is at a URL
16:41:40 [darobin]
[scribe sort of loses the point]
16:42:00 [darobin]
marcos: it's always more complicated, switching to REST doesn't change the fundamental problems
16:42:51 [darobin]
drogersuk: issue with passing information in URLs
16:43:05 [darobin]
marcos: that's not a problem, the communication channel needs to be secure
16:43:20 [darobin]
16:43:41 [darobin]
adjourn to beer
16:44:18 [wonsuk]
wonsuk has left #privacy
17:18:07 [karl]
karl has joined #privacy
17:22:44 [alissa]
alissa has joined #privacy
17:24:06 [alissa]
alissa has joined #privacy
18:07:25 [bblfish]
bblfish has joined #privacy
18:09:57 [MikeSs]
MikeSs has joined #privacy
18:20:10 [MikeSs]
MikeSs has joined #privacy
18:30:25 [MikeSs]
MikeSs has joined #privacy
20:51:05 [jmorris]
jmorris has joined #privacy
20:55:35 [jmorris_]
jmorris_ has joined #privacy
21:31:03 [jochen]
jochen has joined #privacy
22:02:16 [jmorris]
jmorris has joined #privacy
22:52:55 [karl]
22:53:43 [karl]
Which Identities Are We Using to Sign in Around the Web?
23:01:19 [bblfish]
bblfish has joined #privacy
23:17:12 [dsinger]
dsinger has joined #privacy
23:30:44 [mischat]
mischat has joined #privacy