Report from the Internet Privacy Workshop
RFC 6462

Document Type RFC - Informational (January 2012; No errata)
Last updated 2015-10-14
Stream IAB
Formats plain text pdf html bibtex
Stream IAB state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
Internet Architecture Board (IAB)                              A. Cooper
Request for Comments: 6462                                  January 2012
Category: Informational
ISSN: 2070-1721

               Report from the Internet Privacy Workshop

Abstract

   On December 8-9, 2010, the IAB co-hosted an Internet privacy workshop
   with the World Wide Web Consortium (W3C), the Internet Society
   (ISOC), and MIT's Computer Science and Artificial Intelligence
   Laboratory (CSAIL).  The workshop revealed some of the fundamental
   challenges in designing, deploying, and analyzing privacy-protective
   Internet protocols and systems.  Although workshop participants and
   the community as a whole are still far from understanding how best to
   systematically address privacy within Internet standards development,
   workshop participants identified a number of potential next steps.
   For the IETF, these included the creation of a privacy directorate to
   review Internet-Drafts, further work on documenting privacy
   considerations for protocol developers, and a number of exploratory
   efforts concerning fingerprinting and anonymized routing.  Potential
   action items for the W3C included investigating the formation of a
   privacy interest group and formulating guidance about fingerprinting,
   referrer headers, data minimization in APIs, usability, and general
   considerations for non-browser-based protocols.

   Note that this document is a report on the proceedings of the
   workshop.  The views and positions documented in this report are
   those of the workshop participants and do not necessarily reflect the
   views of the IAB, W3C, ISOC, or MIT CSAIL.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Architecture Board (IAB)
   and represents information that the IAB has deemed valuable to
   provide for permanent record.  Documents approved for publication by
   the IAB are not a candidate for any level of Internet Standard; see
   Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6462.

Cooper                        Informational                     [Page 1]
RFC 6462         2010 IAB-W3C-ISOC-MIT Privacy Workshop     January 2012

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1. Introduction ....................................................3
   2. Workshop Overview ...............................................3
      2.1. Technical Discussion .......................................4
      2.2. SDO Discussion .............................................5
   3. Design Challenges ...............................................6
      3.1. Ease of Fingerprinting .....................................6
      3.2. Information Leakage ........................................7
      3.3. Differentiating between First and Third Parties ............8
      3.4. Lack of Transparency and User Awareness ....................9
   4. Deployment and Analysis Challenges ..............................9
      4.1. Generative Protocols vs. Contextual Threats ................9
      4.2. Tension between Privacy Protection and Usability ..........11
      4.3. Interaction between Business, Legal, and Technical
           Incentives ................................................12
           4.3.1. Role of Regulation .................................12
           4.3.2. P3P: A Case Study of the Importance of Incentives ..13
   5. Conclusions and Next Steps .....................................14
      5.1. IETF Outlook ..............................................14
      5.2. W3C Outlook ...............................................15
      5.3. Other Future Work .........................................15
   6. Acknowledgements ...............................................15
   7. Security Considerations ........................................15
   8. Informative References .........................................16
   Appendix A. Workshop Materials ....................................19
   Appendix B. Workshop Participants .................................19
   Appendix C. Accepted Position Papers ..............................21

Cooper                        Informational                     [Page 2]
Show full document text