add centralization-is-bad section #95
Conversation
Co-authored-by: Jeffrey Yasskin <[email protected]>
Co-authored-by: Chris Needham <[email protected]>
Co-authored-by: Chris Needham <[email protected]>
| by favoring large or powerful organizations, to the detriment of smaller | ||
| organizations. We include in this concern both technologies | ||
| that explicitly promote centralization (e.g., systems that rely on | ||
| a single or small number of "trusted parties" to collect or pre-process data), |
There was a problem hiding this comment.
The DNS is hosted by a 'small number of "trusted parties"'. Are you suggesting that the Web shouldn't use it?
There are only three browser engines; does that represent a 'small number of "trusted parties"'?
Does this mean that Google Safe Browsing is centralized?
There was a problem hiding this comment.
The DNS is hosted by a 'small number of "trusted parties"'. Are you suggesting that the Web shouldn't use it?
No, i dont intend or think DNS would be covered by this wording. I can stand up a DNS server at home and it'll work just as well. But it would be very bad for a web standard to say "step 3: talk to Google, CF or Comcast's DNS servers".
There are only three browser engines; does that represent a 'small number of "trusted parties"'?
No I didn't intend browser engines to be covered here. I'm happy to revise the text to make that clearer. A browser engine isn't a trusted party, its auditable (or at least an implementation could be auditable, even if not all are). But, it would be bad if a standard was written to require talking to software or a service that was designed to be unauditable ( widevine…), for example.
Does this mean that Google Safe Browsing is centralized?
Google safe browsing is absolutely centralized. I think it'd be very bad to have a W3C standard that required talking to Google Safe Browsing servers to work correctly. Its a useful and valuable system, and I'm glad it exists, but it doesn't seem like a good model for building open standards for the Web.
There was a problem hiding this comment.
re DNS, @mnot I realize I might have misunderstood your comment. Were you referring to root servers, or resolvers? My comment was about the latter, but on second thought I see you might have meant the former.
If you meant root servers, yea, thats a tricky one, I take your point. Its unappealing, but maybe its least bad. I could try and emphasize "unless necessary" or "unless no other alternatives exist" or similar (though i appreciate that direction has its own downsides too)
| systems that are prohibitively expensive to run, or systems that provide more | ||
| utility as the number of participants increase). |
There was a problem hiding this comment.
This seems to rule out a large number of potentially useful things; effectiely, you're saying that the Web should not be more useful/efficient at scale.
There was a problem hiding this comment.
Thats not what i mean. I'd be grateful for help rewording, or refining if the principal appeals.
My goal is to capture that it'd be bad to standardize systems that:
- that require (either explicitly or in principal) user-bases bigger than what all but the largest system-participants / implementors can achieve. Examples could be K-anon systems with large K, or moderate K over a wide and uniform-ish distributed set of values, or noise-injection systems that require many users to recover a useable signal, etc.
- are expensive enough that they'd prohibit many/most system participants from implementing/running
Those goals seem distinguishable from systems that become marginally cheaper, or slightly more useful as usage increases. Though i appreciate the need for careful language to separate the two.
There was a problem hiding this comment.
Perhaps an example would help: is there a specification you have in mind where a design decision was able to discriminate along these lines? Or one that failed to, when it could have?
|
Closing as per #94 (comment) |
addresses issue #94