
Access restrictions #135

Open
jwrosewell opened this issue Sep 23, 2020 · 3 comments

Comments

@jwrosewell

At various times it has been proposed that the implementation of this specification might restrict access to information to some parties based on rules or policies as yet undefined. The section titled “Access Restrictions” advises implementors MAY impose restrictions. Why is this section needed? Inconsistent access restrictions are inconsistent with W3C’s One Web mission.

See this pull request which incorporates experiment feedback and review from interested users and other stakeholders for proposed text changes.

@yoavweiss
Collaborator

Given the W3C's Priority of Constituencies, we need to put the user's needs first, before the needs of some parties to access their information.
As a result, user agents are encouraged to be careful with whom they share information about the user's browser and system.

For example, if a certain well-known information-abuser is asking for that information, what should the browser do?
Providing the information is likely to harm the user. Denying that information would somewhat reduce the web's predictability for information-abusers.

The link above states that "If a trade-off needs to be made, always put user needs above all". As such, it seems that choosing the user's interests over information abusers' is the right tradeoff to make.

@jwrosewell
Author

I’m grateful for the reminder concerning the priority of constituents, which reads in the latest draft of October 2020 as:

> User needs come before the needs of web page authors, which come before than the needs of user agent implementors, which come before than the needs of specification writers, which come before theoretical purity.

Publishers

The needs of publishers are considered more important than web browser vendors. Publishers (web site operators) must not be limited from choosing their suppliers by technical standards or by technical standards that provide the opportunity for their vertically integrated competitors who operate web browsers to limit their choices in practice. This chapter in the proposal and the associated permissions policy proposal create precisely such an outcome.

Who Represents Users?

The document is silent concerning the resolution of conflicting "user’s needs" and who gets to decide on what user’s needs are.

For example, is ease of access to free content and services more or less important than the private information that the entity providing the service without charge requires in exchange? Is the need to protect citizens from harmful content or fraud more or less important than an individual’s anonymity in all situations? What about choice and people being able to change their preferences at different times depending on what they are doing?

Law makers are the only authority who can make these decisions for society, yet they are not mentioned.

Continuing: who gets to decide who is a "well-known information-abuser"? No private business would wish to place themselves in the position of making such a decision. Such decisions are for law makers and their agencies alone. Should any company that appears on the GDPR enforcement tracker be placed on the “well-known information-abusers” list and sanctioned?

@miketaylr
Collaborator

Ultimately users get to decide on their needs, and can choose a browser that best serves those needs. My personal opinion is that browsers should have the flexibility to offer these choices by implementing default policies, or exposing different choices through browser settings.

Firefox Tracking Protection is a good example, see about:preferences#privacy in Firefox -- Standard mode is the default, but users can opt into a Strict policy, or customize the policy somewhere in between the two. Firefox's "resist fingerprinting" mode is another example, https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting

> who gets to decide who is a "well-known information-abuser"?

I think Yoav is likely referring to "trackers" here.

Lots of projects exist today that create such lists, for example, https://disconnect.me/trackerprotection, https://github.com/duckduckgo/tracker-radar, https://easylist.to/easylist/easyprivacy.txt among others. And some browsers incorporate them (Firefox, Vivaldi, DuckDuckGo Privacy Browser, etc.), and market it as a competitive advantage.
