[wg/fedid] Privacy Review

NalaGinrut commented 3 months ago

Hi fedid folks! I'm the PING reviewer to help you on improving the privacy considerations. I took weeks to figure out what the group is focusing on, so please correct me if I failed to understand something correctly.

The privacy review principle We follow the exiting privacy principles, specifically, the information flow and individual autonomy.

Here're some parts could be improved:

Here, 'privacy' minimally refers to the appropriate processing of personal information and preventing third parties from unnecessarily learning anything about the end-user's environment (e.g., which wallets are available, their brand, and their capabilities).

My concern here is the word "minimally". Although I guess the word here is to set a lowest-bar, I still hope you could find a better word instead, or just remove it. Because if the charter set the lowest-bar explicitly, people may just follow the minimal way, which is far from the general privacy consideration.

Specific topics out of scope

May I ask these topics are unrelated to the group? Or related but not key things in the group? For later, is there any consensus about the division of responsibilities when there's privacy issues in the future?

In Coordination section

Before seeking the horizontal review, it's better to self-review first, this may save a lot of time for both. It's appreciated if you could mention it.

Thanks!

cc @pes10k @jyasskin

NalaGinrut commented 3 months ago

BTW, this is my personal opinion as the reviewer. And the opinions are possibly aligned in the futures discussion within the PING. Depends on situations.

simoneonofri commented 3 months ago

Hi @NalaGinrut, thank you for the comment.

As we said in the call, this is an example of a specific threat that came up during some brainstorming about what might be important to remember. Indeed, I think it's a nice example of data minimization.

The term "minimally" is to be understood as "at the very least, at least," if you have other terms welcome, please tell me here so I can prepare a PR.

The coordination part is an element of the template that we can emphasize if you want. Anyway, doing the work first is one of the reasons I started publishing the Threat Model.

https://github.com/WICG/digital-credentials/issues/115

NalaGinrut commented 3 months ago

@simoneonofri Thanks for the feedback!

As I said, the minimalism in a charter, specifically, may unintentionally imply an improper lowest bar for the newbies or people passing by. So the simplest solution is just to remove it. Say, 'privacy' may refer to ... and let people find the more formal answer in privacy principles.
It's great appreciated if you could emphasize the privacy self-review first which is a good way to show the attitude for newbies or people passing by.

Hope this is the minimalism work you could spend time to fix. ;-) Thank you very much!

simoneonofri commented 3 months ago

@NalaGinrut @jyasskin

Again, thank you for the comment and discussion.

PR follows in response to the PING Comment:

Scope: removed the phrase and added a generic "privacy-preserving" term https://github.com/w3c/charter-drafts/pull/537
Success Criteria: moved here the concept of the specific mitigations indicated previously in the scope (I prefer not to lose this information) https://github.com/w3c/charter-drafts/pull/538
Coordination: added the "self-review first". https://github.com/w3c/charter-drafts/pull/539

Feel free to approve or modify.

[cc'ing: @hlflanagan @wseltzer @timcappalli @marcoscaceres @samuelgoto @timcappalli]