Be more explicit about how to improve web's "integrity" #21
Comments
|
@michaelchampion I agree that all of these things should be done, but I'm not sure that I agree that they belong in a Vision document. I would need to see your proposed wording before I comment more extensively, but I am not sure that this level of detail should go in a vision. Perhaps we need a vision explainer, supporting documents that go into detail about the organization's goals, and so on. |
I think it might be counterproductive to try to come up with a single, authoritative definition of privacy. Like @npdoty said in his dissertation:
|
|
@TzviyaSiegman : I understand that much of what I wrote is too detailed for a Vision document. I'll wait for the latest restructuring PR to land then propose concrete language. Good point, maybe some of this kind of thing belongs in an Explainer or Appendix (like the History, which I think is useful but is not really "Vision"). Nevertheless, a Vision is supposed to create a mental image of what a future web with more "integrity" would be like, and give the reader some plausible reason to believe the vision is achievable. I think being somewhat more specific about, for example, what "privacy" means and what W3C can do to achieve it, is necessary to make this Vision document compelling. Of course, a compelling enough vision to bring in new supporters is going to alienate some existing members. I don't envy the AB/W3M's job of walking that tightrope. But a vague "vision" that all existing stakeholders can support won't generate the enthusiasm needed to bring in new ones. |
|
I appreciate that
I hope it's feasible to define what "privacy" means more clearly in the context of W3C's vision of a web with more integrity. Or maybe if not a definition of "privacy" at least an authoritative "privacy threat model" that W3C can apply in reviewing specs and authority policy guidance. I don't know the answer to this question but will pose it anyway: Would (did?) someone say the same thing about "Accessibility" or "Internationalization" 25 years ago, before W3C defined what they meant in the W3C context? |
|
@michaelchampion Accessibility still does not have one meaning today. We vaguely define it to mean that the Web is for everyone, but WCAG has about 60 success criteria to define accessibility, and it is still in evolution. I think it's crucial for the W3C to work on defining privacy as it evolves, but I don't think it's part of the work of defining the vision and strategy. |
|
I was looking for review at my draft that kinda catalyzed this, and while I'm happy to get back to the right length in a much-improved document, we did lose something along the way. The sentence that caught my eye was
I wonder whether this specific point needs making about the integrity of the web: that we somehow prefer truth? (The sentence needs flipping over, by the way;;
|
|
@dwsinger I agree that the document has lost something as it has responded to broad feedback. The original drafts such as yours make the integrity points more clearly and forcefully. Statements like ....
... would give the document a sharper focus and be more likely to generate engagement with outside stakeholders than "let's not alienate anyone" language. Something similar on privacy might say "We recognize the right of users to make their personal data available only with their prior consent, while preserving the ability for websites to offer premium services in return for more information". |
|
Without going down the rabbit hole of what integrity means, I am a little skeptical of automatically assuming that professionally curated content has integrity. Much misinformation has been spread this way. We need to be extremely careful to avoid going into detail about explaining HOW we will acheive this vision. (I do recommend reading the Report by the CredWeb CG) |
Sure, a formal Aristotelian definition of "integrity" is beyond the remit of this Vision at best and a fool's errand a worst. But (elaborating on something I said above): we need to create a compelling mental image of what a future web with more "integrity" would be like for this document to be successful. That requires enough detail to give the reader some reason to believe the vision is achievable, so they should engage with / donate to W3C to help make it real. |
The ongoing privacy threat model work has indeed tried to provide more precision for that goal of reviewing specs. But in that case (similar to what we are hearing from the a11y experience), "privacy" is not defined and we are gathering a growing list of high-level privacy threats. Even the current list, derived from RFC 6973 (which also doesn't try to define "privacy" explicitly) goes well beyond the narrow definition of user-consent-over-collection-of-personal-data hinted at above, but there are also several open issues about expanding those high-level threats to other privacy concerns (over harassment, manipulation, threats to autonomy, etc.). |
|
Thanks @hober and @npdoty for the reference to Nick's dissertation, which BTW can be found at https://npdoty.name/writing/enacting-privacy/ . I will look at it and RFC 6973 for inspiration and guidance here. But what do you suggest we say about Integrity or Privacy in the Vision document? I'm thinking that the vision is to get more clarity what such terms mean in the context of web platform standards and bake those principles into the foundational documents of the Legal Entity. The problem I'm trying to solve is having stakeholders who don't agree with the principles perpetually blocking consensus on future standards. Or dragging this into a quasi-academic discussion about things that are too abstract to offer useful guidance (I'm thinking of the early TAG's pondering on the metaphysics of URIs and URLs). Clearly any sharp definition of such principles will drive away some current stakeholders, so be it. The goal is to find useful guiding principles that a critical mass of web stakeholders agree on and agree to be bound to in reviewing and approving web standards. |
|
We're not looking for bright-line definitions as much as we're looking for a sense of direction, and an ability to 'test' an idea against a principle: "does this improve the integrity of the web?". So I'd be cautious of over-defining (we've lived for years trying to realize "full potential", whatever that is). |
|
I talked with @dwsinger today, and we agree that the vision statement needs more "zing". That is, is should read more like a "call to arms" to improve the web's integrity by making fundamental changes to the way W3C thinks about its values/mission/principles. If "be more explicit about HOW to improve the web's integrity" doesn't help give it the necessary zing, that's fine, I won't press the point. But it would be good to hear from others how they think this vision document can be more exciting, persuasive, etc. |
I'd like to see a stronger statement of what exactly W3C should be doing on to evolve the web to have greater "integrity". I realize there is a substantial PR in the works so I won't provide specific language suggestions until it lands. Likewise I realize this is a "vision" document not necessarily a "strategy" document that suggests HOW to implement the vision. Nevertheless I hope the final Vision document has language along the following lines:
What "Privacy" and "Security" mean in practice should be defined in an authoritative way, ideally the "vision" is to encode the definition in authoritative documents such as the Member Agreement and Process. (I don't think there's much disagreement in the community as to what Accessibility and Internationalization mean, but pointers to authoritative definitions might be useful for outside audiences)
Language saying things like "standards emerge from consensus-building, mutual respect, technical coordination across borders, industries, and organizations around the world" is qualified/clarified by language saying something like : Dissent on whether a charter/spec is consistent with the stated values is fine; dissent that assumes additional values or rejects established ones is not.
Aspire to get something like the Privacy Threat Model to maturity and use those criteria to evaluate specs as they proceed on the Rec Track
Build credible policy guidance, analogous to WCAG, and encourage governments to reference the guidelines created by an international, multi stakeholder process. For example see this New York Times editorial ”All of this is why federal legislation is so urgently needed. That should include provisions making personal data collection available only with consumers’ prior consent. …If American consumers want more targeted advertising, or wish to freely share other personal data, they can choose to do so, rather than trust that companies have their best interests in mind.
The text was updated successfully, but these errors were encountered: