Sunday, April 06, 2014

It's a dangerous world, learn about it

Tim Bray recently posted an article ("Ethical Privacy Choices") in which he asked, well no, demanded that:

 "the on­ly sane eth­i­cal po­si­tion [for web site operators] is to op­er­ate in a mode that is pri­vate by de­fault..."

He does offer this strawman codicil:
"​Yes, it is cer­tain­ly de­sir­able that for those who are in the
un­usu­al po­si­tion of be­ing con­fi­dent that they un­der­stand the
tech­ni­cal and pol­i­cy is­sues, they be giv­en the op­tion of
choos­ing to op­er­ate in plain-text anyone-can-MITM
anyone-can-eavesdrop mod­e.
"  
Catch the subtle sarcasm? I beg to differ.


A site operator should set the default to what the mojority of the site visitors would prefer. That's not as difficult as it sounds. When designing the site you target a specific demographic. Set defaults to what hat demographic has shown they like. If that's full privacy/security then so be it. If not, then do that.


What is imperative, though, is that the options to fine-tune that default are easily available and the explanation for the settings is succinct but easily understandable.


The world should not be designed to save the self-naive at the expense of those who have chosen to know its dangers.

Comments:
Dave Kearns thinks "A site operator should set the default to what the majority of the site visitors would prefer".
Actually no, a site operator should set defaults to comply with applicable privacy principles and best practices, such as openness and Collection Limitation (what FTC Commissioner Brill calls information minimization).
Merely satisfying the majority's wishes is not good enough, especially when Kearns acknowledges that it's a dangerous world. His brazen contempt for the "self-naive" who are unaware of the dangers [he seems to think it's their fault] is exactly the sort of attitude that opt-in privacy best practices help to ameliorate.
 
Ah Steve. While, of course, an operator should observe all applicable laws there's still a great deal of leeway.

The "self-naive," that is, those who purposely choose not to know, do deserve contempt and certainly shouldn't look to the rest of society to protect them.
 
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved

Home

[Powered by Blogger]

-->