On 22/08/13 17:11, Sid Stamm wrote: > On 8/13/13 2:28 AM, Mounir Lamouri wrote: >> I think there is a bit of confusion here. I meant to ask feedback >> regarding exposing the type, not exposing the bandwidth and the metered >> status. Or maybe exposing the type would be less of a problem than >> exposing the bandwidth and the metered status? I was mostly worried >> about privacy issues other than fingerprinting. Fingerprinting is an >> issue but it is something well understood and we can easily reduce the >> impact. > > I see. IMO, as long as users can turn this off somehow, the privacy > risk is minimal. The only thing that may concern me is if very few > people use a given type of connection in a geographical region and it > becomes identifying when you do.
Something that sounded like an issue to me was correlating that information with other information. For example, if a malicious website can fingerprint a user enough to identify him/her, adding the connection type might give information about the user changing places and even give information about where the user could be if for some reasons, the user only uses wifi from 7pm to 8am, he/she might very likely be at home at that point. Does that sound like a privacy problem? >>> I also wonder what kind of UI we'd make available for users' control. >>> Ideas? >> This said, the UI is a bit OT here I believe. > > Actually, I think the UI is on topic insomuch as it allows people to > control whether or not this API is sharing data about their connection. > Privacy is about more than just data, but control of how it's used; in > this way a UI that allows a user to disable things they don't like is > helpful for their privacy. I agree that UI can solve some privacy issue but shouldn't we also make sure that we have sane default values? I mean, trying to reduce/prevent fingerprinting seems to be mostly about that for example. Having a UI to disable the feature sounds like an option that would only be used by user who are actually aware of the privacy concerns. Or maybe people who are not aware of the privacy issues usually do not care about them? Cheers, -- Mounir _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
