Thirdparty: Difference between revisions

Jump to navigation Jump to search

Thirdparty (view source)

Revision as of 19:21, 9 June 2010

610 bytes added ,  9 June 2010
→‎Overview
Line 5: Line 5:
= Overview =
= Overview =


'''Problem:''' Privacy on the web is not well controlled by the user. There are cases where the user has explicit and desired relationships with sites (or, in the broader sense, entities), and also expects and understands that those entities may have relationships with other entities. A good example of this is Facebook Connect, where establishing a relationship between the user, a site such as Digg, and Facebook is an explicit and desirable thing; in these cases, the user has given ''informed consent''.
== Problem ==


However, there are cases where this is not true. This may be due to ''implicit consent'', where a legitimate relationship exists but the user is not aware of it; in other cases, ''unintended consent'', where a relationship exists that, were the user aware of its existence and scope, would not agree to it. Examples of the former could be the Facebook "Like" button, which can allow Facebook to determine what sites a user is visiting without their knowledge; or credit unions, where the exchange of information (via the browser) with a third party domain to implement various banking functions is common. An example of the latter would be online advertising companies building behavioral databases of user behavior, consisting of their actions across many sites over time. Such databases, if expansive enough in scope, can be used to gather ''personally identifiable information'' (PII) without user expectation or consent.
Privacy on the web is not well controlled by the user. There are cases where the user has explicit and desired relationships with sites (or, in the broader sense, entities), and also expects and understands that those entities may have relationships with other entities. A good example of this is Facebook Connect, where establishing a relationship between the user, a site such as Digg, and Facebook is an explicit and desired action; in these cases, the user has given ''informed consent''.


'''Goals:'''
However, there are cases where this is not true. This may be due to ''implicit consent'', where a legitimate relationship exists but the user is not aware of it, or does not understand its extent; in other cases, ''unintended consent'', where a relationship exists that, were the user aware of its existence and scope, would not agree to it. Examples of the former could be the Facebook "Like" button, which can allow Facebook to determine what sites a user is visiting without their knowledge; or credit unions, where the exchange of information (via the browser) with a third party domain to implement various banking functions is common. An example of the latter could be online advertising companies building behavioral databases of user behavior, consisting of their actions across many sites over time. Such databases, if expansive enough in scope, can be used to gather ''personally identifiable information'' (PII) without user expectation or consent.


*Stop behavioral tracking to the maximum extent possible, except where the user specifically wants it. (Note: this includes more than cookies.)
== Goals ==


*Allow common legitimate cases, such as Facebook Connect, OpenID, bank logins and such, to work as seamlessly as possible.
*Improve user awareness of what they're consenting to, be it informed, implicit or unintended. There are two broad approaches to this: improving awareness in general, such as by education efforts; and in specific cases, by making it clearer within the browser what relationships exist between entities on the web.


*To make this the default setting in Firefox 4.
*Make it easier for the user to specify and control the relationships to which they consent, and those to which they do not, in as seamless a way possible. For the cases where the user does not explicitly consent, or explicitly rejects a specific relationship, honor that decision.
 
*With the above in mind, ensure that popular and useful services on the web -- such as Facebook Connect, OpenID, and banking -- continue to work as seamlessly as possible.
 
*Contingent on user experience and quality of implementation, enable these policies and controls by default for Firefox 4.


= Use cases =
= Use cases =
Dwitte
148

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/229404"

Navigation menu