On Thu, Aug 15, 2013 at 11:24 AM, SM <sm@xxxxxxxxxxxx> wrote:
Reputations can certainly be private things, both as an aggregate "result" and as the pieces of data that allowed that result to be reached. But I don't think that's a new point given the above. The new text will cover it.
-MSK
The Privacy Considerations Section focuses on data in transit and collection of data only. Section 8.1 mentions protecting the data from "unauthorized access and viewing". That would only be unauthorized viewing while the data is in transit.
Sure, mentioning something about the stored aggregated data also makes sense in Section 8. I'll add something.
I don't know whether people overlook this; the queries leak out information. Information which the user might consider as private is sent out without the person's knowledge. I suggest pushing that discussion to the specification which defines the identity (e.g. draft-ietf-repute-email-identifiers-08).
I don't think this point is specific to email identifiers. This is the right place to say it.
As a general comment I would say that the issue is less about privacy and more about reputation. There is a saying: Tell me what you read and I will tell you who you are.
-MSK