Hi Gerv, Alina and I summarized all the feedback and responded to it in this Google doc. Let us know if this doesn't answer your questions.
https://docs.google.com/a/mozilla.com/document/d/18KpDi85Iguc0hI39UbxGG7gOPmQBcAU3WhSIOnal4bw/edit#

On Monday, July 21, 2014 3:23:24 AM UTC-7, Gervase Markham wrote:
> Hi Alina,
>
> Thanks for running this review :-) Lots of interesting stuff in here;
> forgive me if I focus on the bits I think may need more work.
>
> On 19/07/14 00:33, Alina Hua wrote:
> > NO SURPRISES Previous: Only use and share information about our users
> > for their benefit and as spelled out in our notices. New: Use
> > information in a way that is transparent and benefits the user.
>
> Why was "and share" removed?
>
> > SENSIBLE SETTINGS Previous: Establish default settings that balance
> > safety and user experience appropriately. New: Design for a
> > thoughtful balance of safety and user experience. Context: Replaced
> > "Establish default settings" with "Design for" to be less repetitive
> > with the title and focus on the engineering design phase. Replaced
> > "appropriately" with "thoughtful" to indicate carefully considered
> > tradeoffs.
>
> This problem was present in the original, but: this implies that there's
> a trade-off between safety and user experience. I don't think that's so
> - you can have very usable, very privacy-respecting software. The
> difficult tradeoff is often between safety and _features_. That is to
> say, users want to do a certain thing or site owners want to provide a
> certain capability, but it's hard to do it in a way which also preserves
> their privacy.
>
> > REAL CHOICES (removed) Previous: Educate users whenever we collect
> > any personal information and give them a choice whenever possible.
> > Context: Eliminated based on feedback that the difference between
> > choice and control wasn't clear, and that the conversation has moved
> > to control, rather than choice.
>
> So the argument is that this issue is now covered by the "User Control"
> section?
>
> > LIMITED DATA Previous: Collect and retain the least amount of user
> > information necessary. Try to share anonymous aggregate data whenever
> > possible, and then only when it benefits the web, users or
> > developers. New: Collect what we need, de-identify where we can and
> > delete when no longer necessary. Context: Replaced "collect and
> > retain the least amount" with the broader "collect what we need".
> > Removed "only when it benefits" seemed broad enough that most things
> > would fall in one of the three.
>
> I think this actually was valuable due to what it excluded - it excluded
> benefit to _us_. That is to say, if we collected user information and
> simply sold it at a profit, that would _not_ be covered. Now, we just
> have "what we need", and so if we argue that Mozilla "needs" to make
> money to stay in business, we could argue that the practice just
> outlined was in line with the new principles.
>
> > Considered adding "collect only" but
> > concerns about differences in definition (ex: indirect benefit vs.
> > direct benefit).
>
> To add "only" was my immediate thought; I would be interested in more
> discussion about why this was left out.
>
> > USER CONTROL Previous: Do not disclose personal user experience
> > without the user's consent. Innovate, develop and advocate for
> > privacy enhancements that put users in control of their online
> > experiences. New: Establish enhancements that allow individuals to
> > control their data and online experiences Context: Removed the
> > sentence about consent, because it is more of an example of enabling
> > control. Removed "advocate for" to simplify and to focus on direct
> > engineering action. Added 'control their data'.
>
> "Establish enhancements" is an odd phrase. It also makes it sound like
> we don't do this at the moment, but hope to in the future. I hope that's
> not true :-)
>
> > TRUSTED THIRD PARTIES (relocated) Previous: Make privacy a factor in
> > selecting and interacting with partners. Context: Incorporated into
> > the introduction as "select and interact with partners". All
> > principles inform how we work with partners, so this does not need to
> > be a standalone principle.
>
> "Interact with" is weaker than "choose". "Choose" means "we might reject
> this partner if their privacy story sucks". "Interact with" could mean
> "having chosen this partner, we use the principles to make sure we do
> whatever they can manage on the privacy front (but if it sucks, that
> doesn't mean we change provider, because we did our best)".
>
> I like the idea that we would refuse to work with a partner who couldn't
> maintain the privacy of our users.
>
> > IN-DEPTH DEFENSE (added) New: Innovate multi-layered security
> > controls and practices,
>
> "Innovate" as a transitive verb sounds really like marketing-speak.
>
> > many of which are publicly verifiable by our
> > global community.
>
> "Many of which" seems weak.
>
> "Between me and my brother, we know everything!"
> "OK, what's the capital of Chad?"
> "Er... that's one my brother knows."
>
> Gerv

_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
