w3ctag / privacy-principles

https://w3ctag.github.io/privacy-principles/

Include origin sovereignty #79

Closed darobin closed 2 years ago

darobin commented 2 years ago

It would be interesting to add the principle that, to the extent that they can, user agents should enforce origin sovereignty as part of collective approaches to privacy. (See also mention in #77.)

jyasskin commented 2 years ago

Origin sovereignty, as proposed for the W3C's vision in https://github.com/WebStandardsFuture/Vision/pull/37, seems to have 3ish pieces, with varying connections to privacy. Paraphrasing:

  1. ~"Aggregation and republishing are suspect." This seems like not a privacy issue, but rather a defense of a business model. I propose leaving this in the Vision document.
  2. ~"Third parties must only be service providers." This is the topic of #77, and whatever principle we extract from that does belong here. I suspect the term "origin sovereignty" is going to confuse more than help on this point, so we should just state the principle.
  3. ~"Website operators who also control other parts of the stack shouldn't compete unfairly." This is true, and perhaps connected to #78, in which privileged parts of the stack shouldn't use their customers' data in ways that aren't aimed enough at benefitting those customers.

You mention that origin sovereignty fits under "collective approaches to privacy". If I'm understanding that section correctly, for it to fit there, you would have to mean that efforts to make websites collectively legible to their users—to categorize and systematize the websites—need to be governed democratically lest it violate those websites' rights. I don't think you do mean that, since it would invert the priority of constituencies.

sandandsnow commented 2 years ago

One of the challenges of using terms like "sovereignty" is that they already have a long history and even in new contexts evoke that history. Leaving aside the term, my concern is that the principle appears to take the perspective of the author (or operator of a Web property) and its needs, rather than of a user or users. We want user agents to protect users from malicious authors (operators of a Web property) that want to violate user privacy. But, perhaps I am not understanding how you intend to apply the principle in this context. Looking forward to discussion.

wseltzer commented 2 years ago

I also fear direct reference to "origin sovereignty" may bring in too many non-privacy points of not-yet-consensus.