Closed darobin closed 2 years ago
Origin sovereignty, as proposed for the W3C's vision in https://github.com/WebStandardsFuture/Vision/pull/37, seems to have 3ish pieces, with varying connections to privacy. Paraphrasing:
You mention that origin sovereignty fits under "collective approaches to privacy". If I'm understanding that section correctly, for it to fit there, you would have to mean that efforts to make websites collectively legible to their users—to categorize and systematize the websites—need to be governed democratically lest it violate those websites' rights. I don't think you do mean that, since it would invert the priority of constituencies.
One of the challenges of using terms like "sovereignty" is that they already have a long history and even in new contexts evoke that history. Leaving aside the term, my concern is that the principle appears to take the perspective of the author (or operator of a Web property) and its needs, rather than of a user or users. We want user agents to protect users from malicious authors (operators of a Web property) that want to violate user privacy. But, perhaps I am not understanding how you intend to apply the principle in this context. Looking forward to discussion.
I also fear direct reference to "origin sovereignty" may bring in too many non-privacy points of not-yet-consensus.
It would be interesting to add the principle that, to the extent that they can, user agents should enforce origin sovereignty as part of collective approaches to privacy. (See also mention in #77.)