Skip to content
This repository has been archived by the owner on Dec 29, 2023. It is now read-only.

Privacy #27

Closed
mnot opened this issue Mar 24, 2022 · 4 comments
Closed

Privacy #27

mnot opened this issue Mar 24, 2022 · 4 comments

Comments

@mnot
Copy link
Owner

mnot commented Mar 24, 2022

Jari says:

Section 6.1 talks about relationship between centralization and privacy, and points out that there's sometimes a tradeoff. I would argue that this is heavily dependent on what we're talking about. We're far along on the mission to encrypt all communications. Many of the remaining privacy issues are made worse, not better, by centralization. E.g., one entity has access to all your mail or browser history or other things. Perhaps the 6.1 language could be improved, as it currently reads a bit like focusing on privacy in standardisation and leaving centralisation to other entities. I’m not sure that’s always desirable, particularly if we want to address privacy.
@mnot mnot added the work item Well-defined issue that need spec text label May 15, 2022
@jariarkko
Copy link

I'm not happy with the below text, but to get us started, here's a proposal:

Replace last paragraph in Section 6.1 with:

When we find centralization risk, we should consider its relationship
with other goals, such as privacy. While abstract goals such as these
are rarely entirely separate from each other,
attention should be paid to how effective architectural regulation
(such as a standards effort) is in achieving each goal. For instance,
a technical mechanism might be much more effective at
improving some privacy concerns, whereas some aspects of centralization could be
better controlled by other regulators. This might lead us to conclude that the standards
effort should focus on technical matters such as privacy. However, because topics such as
privacy are not entirely separate from other issues, this is perhaps a too quick conclusion.
For instance, centralization and consolidation often helps increase some aspects of
privacy concerns, such as collecting more data in one set of hands. While such data can be
well guarded by both technical and non-technical means, it also clearly increases the risk of
attacks on such data stores, or commercial or government pressures to use the data in some way.

mnot added a commit that referenced this issue May 22, 2022
@mnot
revise privacy discussion
f9da3dd 
For #27
@mnot
Copy link
Owner Author

mnot commented May 22, 2022

@jariarkko PTAL

@mnot mnot removed the work item Well-defined issue that need spec text label May 22, 2022
@mnot
Copy link
Owner Author

mnot commented May 23, 2022

Closing to keep the issues list clean :) but please say so if you're not happy with that.

@mnot mnot closed this as completed May 23, 2022
@jariarkko
Copy link

FWIW, the latest version is good on this issue.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mnot @jariarkko