W3C | TAG | TAG Work Plan
Product: Privacy by Design in Javascript APIs (was: API Minimization)
Goals
The intent of this effort is to identify, document, and promote best practices
for designing Javascript APIs in a manner that will protect users' privacy by discouraging
the return of unnecessary information, notably by avoiding fingerprinting.
This covers multiple related approaches to preserving users' privacy:
- User-mediated enumeration. For instance, rather than allowing the code to enumerate all video inputs
and select one to ask the user for permission to access it, have the code request access to video
input in general, and let the user pick the input she wishes to grant access to. Because the script
never sees the full list of devices, this removes that list as a fingerprinting surface.
- Device-triggered access. A good example of this design approach is the Gamepad API. Rather than allowing
the enumeration of gamepads that are plugged in and available (which would provide a potentially large fingerprinting
surface), input from gamepads is only provided when the user manipulates them (similar to the manner in which
script cannot enumerate or even detect the presence of a mouse until the user moves it).
- API minimisation. Make it so that if the code only needs access to the phone numbers in a user's set of contacts,
it does not also receive their emails, home addresses, etc. on the returned contact objects. Furthermore, where applicable,
make it possible for the user to be fully in control of the exact information that is returned when it is sensitive.
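The following JavaScript is an added example, not W3C or TAG code, contrasting an unminimised contacts API with one that applies API minimisation and user-mediated selection (the first and third approaches above). The address book, the field names, the requestContacts() function and the userGrant picker callback are all assumptions made for the illustration.

```javascript
// Added example (not W3C/TAG code): an unminimised contacts API beside a
// minimised, user-mediated one. Names, fields and functions are assumptions.

// Constructed sample address book for the example; not real data.
const ADDRESS_BOOK = [
  { name: 'Alice Example', phone: '+1-555-0100', email: 'alice@example.invalid', address: '1 Sample St' },
  { name: 'Bob Example', phone: '+1-555-0101', email: 'bob@example.invalid', address: '2 Sample St' },
  { name: 'Carol Example', phone: '+1-555-0102', email: 'carol@example.invalid', address: '3 Sample St' },
];

const ALLOWED_FIELDS = new Set(['name', 'phone', 'email', 'address']);

// The unminimised design: every field of every contact goes back to the caller,
// whether or not the calling code needs it.
function getAllContacts() {
  return ADDRESS_BOOK.map((c) => ({ ...c }));
}

// The minimised design. The caller declares the fields it needs up front, and a
// user-mediated picker (modelled by userGrant) decides, per contact, which of
// those fields are actually released. userGrant(contact, requestedFields)
// returns the granted field names, or null to withhold the contact entirely.
function requestContacts(requestedFields, userGrant) {
  const requested = [...new Set(requestedFields)];
  for (const f of requested) {
    // Reject unknown fields outright rather than silently ignoring them.
    if (!ALLOWED_FIELDS.has(f)) throw new TypeError(`unknown contact field: ${f}`);
  }
  const results = [];
  for (const contact of ADDRESS_BOOK) {
    const granted = userGrant(contact, requested);
    if (!granted || granted.length === 0) continue;
    const projected = {};
    for (const f of granted) {
      // The picker can narrow the request but never widen it.
      if (requested.includes(f)) projected[f] = contact[f];
    }
    if (Object.keys(projected).length > 0) results.push(projected);
  }
  return results;
}

// Helper for comparing the two designs: the sorted set of field names a
// caller ended up seeing.
function exposedFields(contacts) {
  const seen = new Set();
  for (const c of contacts) for (const k of Object.keys(c)) seen.add(k);
  return [...seen].sort();
}

// Example picker standing in for the user agent's UI: the user shares only
// Alice and Bob, and withholds Bob's phone number.
function examplePicker(contact, requested) {
  if (contact.name === 'Carol Example') return null;
  if (contact.name === 'Bob Example') return requested.filter((f) => f !== 'phone');
  return requested;
}

// Usage: compare what each design hands back to the calling script.
const unminimised = getAllContacts();
const minimised = requestContacts(['name', 'phone'], examplePicker);
console.log('unminimised exposes', exposedFields(unminimised));
console.log('minimised exposes', exposedFields(minimised));
console.log(JSON.stringify(minimised));
```

The design point is that the returned object shape is derived from the intersection of what the script asked for and what the user granted, so the script can neither learn about contacts the user did not pick nor receive fields it did not declare a need for.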
Success criteria
- The finding (or discussions leading to the finding) successfully influences the design of APIs to improve their
"privacy characteristics".
- The document provides useful education and analysis for those who build web applications and related specifications.
Inside W3C several API-related groups have already had privacy- and fingerprinting-related discussions. These should
constitute a priority target for this finding.
Key deliverables with dates:
- Initial draft finding for review at Nov. 2011 TPAC
- New version draft finding for review at Apr. 2012 TAG F2F
- TBD: an approved TAG finding on API Privacy by Design
Schedules:
- New draft finding for community and TAG review Mar/Apr 2012
TAG Members assigned:
- Robin Berjon
- Several participants in the DAP WG have indicated strong interest and may contribute to the work
Misc.
We intend to coordinate with the IAB on the review of this.