Open SpencerDawkins opened 2 months ago
The privacy concern is the other way around: from the user's device to the ISP. Such as: is the application name disclosed to the ISP? Is the server name disclosed to the ISP (contravening TLS encrypted SNI)? Is the specific video disclosed to the ISP ("watch the new $moviename without consuming your monthly bandwidth!", "the government asked the ISP to disclose if you're watching the video of last week's protest").
@danwing those are valid concerns, but there are concerns in both directions I believe, e.g., can the network expose unique user identities to the application (e.g., MSISDN), the type of subscription the user has, user location.. and what does that mean for user privacy?
Now that we have added deliverables to the charter, I propose this issue should be addressed in the "SCONEPRO protocol" deliverable.
If making the signal available to applications is the goal, does that have unwanted properties?
This is related to questions from the BOF about the implications of entirely encrypted channels being available between endpoints and network elements (and from PLUS).