Statements about TAG Nominees for 2017 Election

David Baron (Mozilla Foundation)*

I am a Distinguished Engineer at Mozilla, where I have worked since it became an independent company in 2003. I have been involved in the CSS community and the development of the Gecko layout engine (used in Firefox) since 1998. I have been Mozilla's representative to the W3C Advisory Committee and to the W3C's CSS Working Group since 2004, and a member of the TAG since a special election in May of 2015.

In my role at Mozilla, I implemented major CSS features such as media queries, CSS transitions and animations, and the CSS calc() function, designed and implemented the reftest regression test format for layout tests, and have been involved in the development of many aspects of Gecko from design and implementation of architectural changes to security bug fixing.

As a participant at the W3C, I edited the CSS Color Module, CSS Conditional Rules, CSS Transitions, CSS Animations, and the CSS Overflow Module, and I have been deeply involved in much other work in the CSS working group, and involved in the work of other groups as well.

I hope to see the TAG move the Web in a direction that makes it better for both its end users and for developers. A big part of this is the path in the Extensible Web Manifesto, which promotes exposing lower-level APIs that allow building higher-level APIs without first freezing them into browsers. This lets developers build new technology more quickly, and at the same time gives us a better way to manage the increasing complexity of Web technology. As we do this, we should keep the Web's technology deserving of the trust of users, so that users can stay secure and in control even when using Web sites that they don't fully trust. In some cases, this may mean balancing the power of new APIs with the ability of the browser and the user to intervene and meaningfully modify the behavior for a better experience. I'd like to continue to be part of a TAG that encourages the Web to move in this direction.

I'd also like the TAG to continue to help advise and mentor contributors to standards, and help to grow the set of people who can effectively contribute to standards. This involves both being receptive to questions brought to the TAG, and helping to generalize and document the advice that we give so that it is accessible to and useful to others. In this role, the TAG should balance keeping the Web platform consistent with itself with allowing innovation from a broad group of contributors.

Andrew Betts (Fastly)*

Microsoft is pleased to re-nominate Andrew Betts for this TAG election. In the TAG's role guiding the development of web standards, Andrew brings the important perspective of the web development community, as a practical web developer with a career spanning almost 20 years, leader of several major open source projects, and organiser of web development community events ranging from meetups to major conferences. It's essential for the TAG to balance the expertise of implementers with the problems and demands of developers, and Andrew is qualified to represent the developer constituency.

Andrew is principal developer advocate for Fastly (a content delivery network focused on fast, secure and scalable content delivery for customers such as the New York Times and GitHub), and formerly head of front end standards at the Financial Times in London, where he spent a year on secondment to Nikkei in Tokyo. He is founder of two startups, and a leading organiser in the developer community.

FT has been well regarded for making practical and innovative use of web technology in products such as the FT progressive web app (www.ft.com), and for making significant contributions to open source via projects such as Fastclick (https://github.com/ftlabs/fastclick). While at the FT Andrew started polyfill.io, which now serves around 5 billion polyfills per month to upgrade the web for millions of users.

In terms of events, Andrew has participated in the program committee for O'Reilly's Velocity conference (http://conferences.oreilly.com/velocity), has organised many developer events through the London Web Performance and Edge conf (https://edgeconf.com) brands, and is also a prolific conference speaker on web technologies.

In his first term on the TAG, Andrew authored the TAG findings "Polyfills and the evolution of the web" (https://www.w3.org/2001/tag/doc/polyfills/) and "Distributed and syndicated content" (https://www.w3.org/2001/tag/doc/distributed-content/) and was a contributor on "The evergreen web" (https://www.w3.org/2001/tag/doc/evergreen-web/). He has an interest in improving communication and documentation practices, and organising events that engage the broader developer community in which he works every day. He has specific technology interests in installable and discoverable web apps, paid and premium content, performance monitoring, web payments, caching and networking.

Reto Gmür (FactsMission)

I never wanted to be an astronaut, but since I know about the TAG I've been dreaming of becoming one of its member, one day...

I believe that a simple, elegant and well integrated set of web standards can change society for the better. In 2002 I first presented the concept of a trust based social network for the decentralised exchange of RDF content. Even if since then I've been focusing on standard Linked Data technologies, the idea of integrating trust and social aspects might be more topical now than ever before. I've been working for Adobe and HP labs as well as several startup companies and in European research projects on topics such as semantic content management and graph versioning. Besides everything related to Linked Data I've a strong interest in accessibility and internationalization.

While I'm new to the structures of the W3C I believe to be able to bring fresh perspectives and motivation to keep the web simple yet capable of facing the pressing societal needs. In my experience I'm good at separating hype from solid future proof innovation. I believe that a worthy contribution to the TAG is more about setting priorities and demanding simplicity rather than the ability to scrutinize specs all night long, because of this I don't regard my neurological condition as an impediment even if it makes me less productive than I used to be.

My company FactsMission AG is a startup company based in the bilingual town of Biel/Bienne (Switzerland). The goal of FactsMission is to use Linked Data technologies to help distinguishing facts from noise. We help public and private organizations to publish data following Data on the Web Best Practices so that it can be used in a credible fact checking infrastructure. We are active in several open source projects: Twee-Fi for example, a project based on LDP and schema.org, allows to review claims made in tweets. It has been clear since our founding that contributing to the W3C is important to us, we would be happy to intensify our commitment by participating in the TAG.

Lukasz Olejnik (W3C Invited Expert)

Lukasz was nominated by Center for Democracy and Technology.

I have been actively involved in security and privacy of the web for 8 years now. My experience includes work as an independent consultant, academic, researcher, as well as work with industry firms and policy bodies. I completed a PhD in computer science (Privacy) from INRIA (Institut National de Recherche en Informatique et en Automatique). As a privacy engineer, and researcher, I most recently worked on the European ePrivacy Regulation, which is very related to the web and web browsers. Accordingly, I have extensive and broad experience from industry, academia, and technology policy. My research includes areas such as techniques and consequences of data leakage (e.g. browsing history); web tracking, profiling and fingerprinting; privacy engineering and privacy by design. Currently, I work as an independent security and privacy consultant and a researcher.

I have worked on the impact of security and privacy of web APIs, an area that is important to web browsers and the W3C. A few notable examples include my involvement in work on the Battery Status API, Ambient Light Sensors API, and Payment Request API. I contributed to their analysis, privacy risk assessment, and then demonstrating how they could be misused as well as helping to improve these standards to avoid such misuse. As part of my research, I identified actionable recommendations on privacy-aware design of APIs. This is all to say I have some understanding of W3C APIs, its designs, and the unintended aspects that may have unexpected consequences.

I believe that focusing part of TAGs work on architecture and strategy, timely responding to current developments and helping and providing guidance would be beneficial. As such, my focus in TAG would be mainly on security, privacy from a number of angles. My key aim would be helping to study and hopefully improve the W3C Process in relation to security, privacy and digital ethics, as I believe the TAG’s role is instrumental in these respects. Notably, since European technology regulatory landscape is taking a dramatic overhaul in 2018, the TAG’s role will need to identify and respond to any challenges. I would bring experience from multiple domains to TAG, including technology regulations such as GDPR and the EU ePrivacy regulations.

I have been a W3C Invited Expert in the Device and Sensors WG since 2015 as well as a member of the Privacy Interest Working Group. In 2017, I also joined the Web Payments Working Group. I am happy with my work having had impact on W3C, browsers and web standardization. I had the pleasure of studying a number of interesting cases. Notably the Battery Status API [1], where we identified a number of unintended consequences that could lead to information leaks or even user tracking. Soon afterwards, this mechanism has indeed been found used by malicious scripts [2]. Ultimately these findings may have influenced decisions by browser vendors such as Firefox and WebKit to remove the functionality [3], and convinced some vendors to introduce user interface changes. Furthermore, this example provided a useful use case study hopefully improving privacy engineering of web standards and browsers [4]; notably making stringent defaults and operational assumptions for web sensors. During my work at DAS WG and based on my research and experience I developed a unique approach to analysing web standardization. One of its application has been the analysis of Ambient Light Sensors [5]. I’m also sometimes picky when it comes to clarity of specifications that may lead to consequences for implementations, as in the case of Web Request API [6]. In summary, I picked three examples of standards where I assessed privacy that resulted in amended specifications and implementations.

For more about my work you can visit this site https://lukaszolejnik.com or blog https://blog.lukaszolejnik.com

[1] L. Olejnik, G. Acar, C. Castelluccia, C. Diaz, “The leaking battery: A privacy analysis of the HTML5 Battery Status API”, Data Privacy Management, 2015;
https://lukaszolejnik.com/battery.pdf
[2] S. Englehardt, A. Narayanan, “Online Tracking: A 1-million-site Measurement and Analysis”, The ACM Conference on Computer and Communications Security (CCS) 2016;
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf
[3] Bug 1313580 - Remove web content access to Battery API;
https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
[4] L. Olejnik, S. Englehardt, A. Narayanan, “Battery Status Not Included: Assessing Privacy in Web Standards”, International Workshop on Privacy Engineering 2017;
http://lukaszolejnik.com/AssessingPrivacyWebStandardsIWPE17.pdf
[5] “Stealing sensitive browser data with the W3C Ambient Light Sensor API”, 2017;
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
[6] Privacy of Web Reqwuest API, 2017;
https://blog.lukaszolejnik.com/privacy-of-web-request-api/