After reading the draft and the comments, I think we mostly have an issue of scope. The draft seems very focused on "privacy related" measurements, such as detecting various means or censorship, and to a lesser degree on "usage related" documents, such as measuring how people actually use the Internet.
Previous comments have suggested expanding the scope of the draft to encompass other types of measurements, such as low level metrics, etc. I am concerned that broadening the scope implies a lot of work. It would also result in loss of focus, which would weaken the draft. My suggestion instead is to scope the draft, stating clearly in the title and abstract that this is intended for some specific types of measurements.
I perform quite a few measurements myself, working with ICANN to publish and update a set of "internet identifiers" metrics at ithi.research.icann.org. I was looking at the parallels between what we do and what the draft describes, checking whether we should improve our practice. I am not sure that I got much information. We do periodic series of DNS queries. Does that fall under the "scanning" recommendation? We publish aggregated statistics, some grouped by address prefixes or by names of service providers. Is there an expectation of privacy for service providers? Does that depend on their size? When we do active queries, does that fall under the scanning recommendations?
These are very specialized questions, each requiring an analysis of specific tradeoffs. Mallory's draft cannot possibly answer them all. But then, it would be nice if the draft acknowledged that, and focused on the parts that are clear. I really like the analysis of consent, what it implies for users to consent to add a measurement application on their devices. Maybe focus the draft on exactly that?
After reading the draft and the comments, I think we mostly have an issue of scope. The draft seems very focused on "privacy related" measurements, such as detecting various means or censorship, and to a lesser degree on "usage related" documents, such as measuring how people actually use the Internet.
Previous comments have suggested expanding the scope of the draft to encompass other types of measurements, such as low level metrics, etc. I am concerned that broadening the scope implies a lot of work. It would also result in loss of focus, which would weaken the draft. My suggestion instead is to scope the draft, stating clearly in the title and abstract that this is intended for some specific types of measurements.
I perform quite a few measurements myself, working with ICANN to publish and update a set of "internet identifiers" metrics at ithi.research.icann.org. I was looking at the parallels between what we do and what the draft describes, checking whether we should improve our practice. I am not sure that I got much information. We do periodic series of DNS queries. Does that fall under the "scanning" recommendation? We publish aggregated statistics, some grouped by address prefixes or by names of service providers. Is there an expectation of privacy for service providers? Does that depend on their size? When we do active queries, does that fall under the scanning recommendations?
These are very specialized questions, each requiring an analysis of specific tradeoffs. Mallory's draft cannot possibly answer them all. But then, it would be nice if the draft acknowledged that, and focused on the parts that are clear. I really like the analysis of consent, what it implies for users to consent to add a measurement application on their devices. Maybe focus the draft on exactly that?