Closed simoneonofri closed 4 months ago
I think you meant to file this against the Ethical Web Principles at https://w3ctag.github.io/ethical-web-principles/#privacy. @torgo, can you move the issue?
It would be good to also be specific about what kind of risks are being talked about; e.g.,
We will start by creating web technologies that create as few risks to users as possible, and mitigate the risks that we cannot avoid. We will make sure people understand what risks they are taking when they use the web.
Hi @mnot, I like what you wrote.
I was also reflecting. Although it is commonly used that "risk" has a negative meaning, particularly in IT, according to the definition in ISO 31000, a risk is "the effect of uncertainty on objectives." If this has a potentially negative effect on objectives, it is a threat; if it has potentially positive effects, it is an opportunity. So, it might be better to use the term "threat."
I've made a PR with @mnot's suggestion, and changed "risks" to "harms" (rather than "threats") as I feel that better captures passive or unintended negative consequences, as well as active threats.
@simoneonofri I couldn't add you as a reviewer, but please feel free to review the PR: https://github.com/w3ctag/ethical-web-principles/pull/118
Thanks @rhiaro, I did a check on the definitions. In theory, threat is a broader term that includes anything that, if it happens, has a negative impact, while harm is a type of threat specific to civil society issues (which includes human rights, privacy, etc.), so it depends on the meaning you want to give it. Personally, I would leave threat, which is more generic. Example here: https://shostack.org/blog/threat-model-thursday-c2pa/
Thanks for adding clarity @simoneonofri, I've updated the PR to use "threat".
The important part of my proposal was "to users" -- to highlight the priority of constituencies.
Oops! Oversight on my part. PR updated.
Hello everyone,
I want to propose a small modification to principle 2.5.
From:
To (addition in italic):
To put emphasis not only on the fact that we try to be as safe as possible when developing a standard, but also that some standards are born to mitigate risks (e.g., CSP, CORS, WebAuthn...).
Thank you,
Simone