canmove, Confirmed users
1,537
edits
Privacy/Reviews/BrowserID.org: Difference between revisions
→Alignment with Privacy Operating Principles
| Line 356: | Line 356: | ||
====Principle: Transparency / No Surprises==== | ====Principle: Transparency / No Surprises==== | ||
The user clicks a browser ID button to sign into sites, he interacts with a browser ID pop-up window (clearly at a browserid.org URL), and chooses what email addresses to use with browser ID. This all seems pretty straightforward and unsurprising. | The user clicks a browser ID button to sign into sites, he interacts with a browser ID pop-up window (clearly at a browserid.org URL), and chooses what email addresses to use with browser ID. This all seems pretty straightforward and unsurprising. | ||
The privacy policy has a plain-english and legal version, making it accessible to more people. | |||
''Recommendations'': none. | ''Recommendations'': none. | ||
| Line 372: | Line 374: | ||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||
By nature, browserid.org only collects and retains data necessary for connecting email addresses to third parties. Most of the mapping of email address to relying party is done in the browser's local storage (not on the server) | By nature, browserid.org only collects and retains data necessary for connecting email addresses to third parties. Most of the mapping of email address to relying party is done in the browser's local storage (not on the server), though the server does learn the email-RP mappings. | ||
''Recommendations'': Minimize retention of log data to what's necessary to operate and grow the site. Encourage email providers to act as primaries. | ''Recommendations'': Minimize retention of log data to what's necessary to operate and grow the site. Encourage email providers to act as primaries. | ||