hober
commented
3 years ago Solutions that fix one privacy threat in one model may cause one in another model. Lets acknowledge what the models are.
The Privacy CG is more focused on the nitty-gritty details of specific proposals; for big-picture questions about privacy at the W3C, I think PING is a much better fit for this kind of conversation. They're actively working on a Privacy Threat Model for the Web; perhaps you should raise issue(s) on that document?
There are numerous definitions of privacy right now, some even vary form proposal to proposal. Some companies claim aggregate is the future of privacy and single identity is a threat by design, while others claim that aggregate is worse for privacy causing hidden data leaks and loss of user control. I could list entire pages with each groups' cons of the other and the risks they pose. Then within each camp there are sub-camps that disagree on type of data or another technology is privacy preserving or privacy threatening.
Everyone is approaching a solution from their perspective of the problem. If we can't agree on one definition of the problem, we should at least agree on what definitions exist, and honestly look at the objections to each one.
Solutions that fix one privacy threat in one model may cause one in another model. Lets acknowledge what the models are. Lets make it clear what kind of data in what kind of transit systems are threats.
An open conversation about this is needed to create a truly private web