Report from the Internet Privacy Workshop
RFC 6462
Internet Architecture Board (IAB)                              A. Cooper
Request for Comments: 6462                                  January 2012
Category: Informational
ISSN: 2070-1721
Abstract
On December 8-9, 2010, the IAB co-hosted an Internet privacy workshop
with the World Wide Web Consortium (W3C), the Internet Society
(ISOC), and MIT's Computer Science and Artificial Intelligence
Laboratory (CSAIL). The workshop revealed some of the fundamental
challenges in designing, deploying, and analyzing privacy-protective
Internet protocols and systems. Although workshop participants and
the community as a whole are still far from understanding how best to
systematically address privacy within Internet standards development,
workshop participants identified a number of potential next steps.
For the IETF, these included the creation of a privacy directorate to
review Internet-Drafts, further work on documenting privacy
considerations for protocol developers, and a number of exploratory
efforts concerning fingerprinting and anonymized routing. Potential
action items for the W3C included investigating the formation of a
privacy interest group and formulating guidance about fingerprinting,
referrer headers, data minimization in APIs, usability, and general
considerations for non-browser-based protocols.
Note that this document is a report on the proceedings of the
workshop. The views and positions documented in this report are
those of the workshop participants and do not necessarily reflect the
views of the IAB, W3C, ISOC, or MIT CSAIL.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Architecture Board (IAB)
and represents information that the IAB has deemed valuable to
provide for permanent record. Documents approved for publication by
the IAB are not a candidate for any level of Internet Standard; see
Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6462.
Cooper Informational [Page 1]
RFC 6462 2010 IAB-W3C-ISOC-MIT Privacy Workshop January 2012
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
2. Workshop Overview
   2.1. Technical Discussion
   2.2. SDO Discussion
3. Design Challenges
   3.1. Ease of Fingerprinting
   3.2. Information Leakage
   3.3. Differentiating between First and Third Parties
   3.4. Lack of Transparency and User Awareness
4. Deployment and Analysis Challenges
   4.1. Generative Protocols vs. Contextual Threats
   4.2. Tension between Privacy Protection and Usability
   4.3. Interaction between Business, Legal, and Technical Incentives
      4.3.1. Role of Regulation
      4.3.2. P3P: A Case Study of the Importance of Incentives
5. Conclusions and Next Steps
   5.1. IETF Outlook
   5.2. W3C Outlook
   5.3. Other Future Work
6. Acknowledgements
7. Security Considerations
8. Informative References
Appendix A. Workshop Materials
Appendix B. Workshop Participants
Appendix C. Accepted Position Papers
1. Introduction