[LINK] Why Steve Jobs Insists on HTML5
Kim Holburn
kim at holburn.net
Tue Oct 12 11:29:05 AEDT 2010
On 2010/Oct/12, at 11:12 AM, Steven Clark wrote:
> On 12/10/2010 7:27 AM, Jan Whitaker wrote:
>> At 07:16 AM 12/10/2010, Roger Clarke you wrote:
>>
>>> Mr. Kamkar and privacy experts say that makers of Web browsers should
>>> agree on one control for eliminating all tracking capabilities at
>>> once. "There should be simple enough controls to take care of every
>>> single thing," said Ms. Dixon, who added that some browsers
>>> automatically collected large amounts of data unless a user told them
>>> not to.
>> This is all backwards. Why not block ALL storage except without
>> specific permission? What happened to Opt-*IN*?
>
> It's well recognised that opt-out reduces the number/percentage of
> people who are not captured. (for example, the difference between
> European countries with high organ donor levels and low donor levels is
> in large part explained by opt-out vs opt-in.)
>
> In short - people tend not to bother changing default options; so choose
> the default *you* prefer for them, and they'll largely just go with it.
>
> Which, of course, is why privacy advocates push for privacy-sensitive
> defaults, and the Facebooks of the world prefer the opposite ;)
>
>
> Also, how does one operate a contemporary commercial operating system
> *without* storing data *somewhere*? They're *designed* to do so (eg
> caching). Just because an application isn't *saving* data explicitly,
> doesn't mean it's not being stored somewhere else on the device.
A good security model says that code from external sources should run
in a separate sandbox (if at all) and not under the permissions of a
local user. So yes, an application should be able to store data but
only in its sandbox and under local monitoring. We are gradually
moving in this direction, but slowly.
> Daily interactions online involve a lot more data transfer than most
> realise, and a goodly part of that traffic is stored in some form at one
> or both ends. Some of it for 'basic' transactional processes like
> browser and server history, disk and web caching (just because you're
> not 'storing' it doesn't mean someone else isn't o.O), and so on.
> --
> Steven R Clark, BSc(Hons) LLB/LP(Hons) /Flinders/, MACS, Barrister &
> Solicitor
>
> PhD Scholar
> School of Commerce, Division of Business
> City West Campus, University of South Australia (UniSA)
> http://people.unisa.edu.au/Steven.Clark
>
> Deputy Director, Community Engagement Board (CEB)
> Chair, Economic, Legal and Social Issues Committee (ELSIC)
> Australian Computer Society (ACS)
> http://www.acs.org.au/index.cfm?action=show&conID=acscas
>
> *Disclaimer:* This email is not legal advice. Comments and statements
> above are based on my understanding of the issues at hand, and my
> attempts to understand them. They are intended to add to, and elicit
> discussion. Unless explicitly stated otherwise, opinions and statements
> are mine, not those of UniSA or the ACS.
Biggest sig competition?
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request