
Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-16 14:01:52
Andy,

Yes, but that doesn't rule out Google Analytics, as long as the user
knows about it and desires it, right?

I think, therefore, this bit needs an addition:

    For the purposes of this BCP "pervasive monitoring" means very
    widespread privacy-invasive gathering of protocol artefacts including
    application content, protocol meta-data (such as headers) or keys
    used to secure protocols.  Other forms of traffic analysis, for
    example, correlation, timing or measuring packet sizes can also be
    used for pervasive monitoring.

Adding the sentence, "In addition, to qualify as pervasive monitoring,
the activity should be either unknown to or unwelcome by the target of
the monitor," would make the difference explicit.

Best regards,

A
I'd suggest "unauthorized" as a replacement for "unknown or unwelcome",
as we try to better define PM.

I don't think it's necessary to mention "keys" here, since the keys
are not that valuable if you don't also grab the data, wrt confidentiality.

Also, "traffic analysis" probably should be discussed separately from
violating the confidentiality of app layer content. It's probably going
to be easier to address content confidentiality vs. traffic analysis,
and so it behooves us to make the distinction here, if we are trying
to use this doc to explain what we want WGs to address.

I am catching up on this thread, as I lost iesg messages for a few weeks.

I assume that others have noted that "artefact" is misspelled.

Steve
