Re: [ietf-privacy] Is there an official working definition for Privacy Online?

"Christian Huitema" <huitema@huitema.net> Mon, 02 May 2016 21:30 UTC

From: "Christian Huitema" <huitema@huitema.net>
To: <dcrocker@bbiw.net>, "'Joseph Lorenzo Hall'" <joe@cdt.org>
Date: Mon, 2 May 2016 14:29:51 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf-privacy/fMs1JVN6e0RvRgWdIjP0b_ZT7qY>
Cc: ietf-privacy@ietf.org, 'Josh Howlett' <Josh.Howlett@jisc.ac.uk>
Subject: Re: [ietf-privacy] Is there an official working definition for Privacy Online?

On Sunday, May 1, 2016 4:12 PM, Dave Crocker wrote:
> If the term is to be a non-technical and vague reference, then let's stop
> using it as if it were a technical term.  Philosophical, academic and social
> terms are fine; the problem is when we use them as if they pertained to
> technical specifics.

Well, we do use the term "security" liberally, don't we? It is certainly
just as vague, but it is useful as a section header. It encourages protocol
designers to be concerned with the broad issue of security attacks. I think
that we have consensus that protocol designers should also be concerned with
the broad issue of privacy attacks.

> If we intend the term to have technical utility, it needs a precise and
> useful definition.

It took some time to establish categories for security attacks -- denial of
service, information disclosure, spoofing, elevation of privilege, etc. The
analysis of privacy attacks is not quite as advanced, but we start getting
broad categories, such as disclosure of the exchanged data, disclosure of
metadata, linkability of different activities, and disclosure of traffic
patterns. As we gain more experience, I expect that these categories will
stabilize.

-- Christian Huitema