W3C Web Application Privacy Best Practices - A Guide

The W3C have released Web Application Privacy Best Practices - What do we do with it?

So the W3C have recently released a document entitled Web Application Privacy Best Practices, which I have to say I am more than happy about.

I really think that with most things in life, if you can follow a best practice (and so long as that best practice is sound) then you won't go far wrong.

So I guess the first question I have to ask is, is this document sound? Well, of course it is: it is written by some of the smartest people in our industry and a lot of thought has gone into it.

As it is the first public working draft, we cannot expect the content to stay nailed down exactly as it is, but I don't think it would be jumping the gun to begin implementing those best practices mentioned in it.

Having read through the document a couple of times, I don't think there is anything too groundbreaking in it. If you are a thoughtful web developer who tries to keep the end user happy, then you are probably doing most of these things anyway.

One of the items I personally need to put more thought into is…

Best Practice 9: Retain the minimum amount of data at the minimum level of detail for the minimum amount of time needed. Consider potential misuses of retained data and possible countermeasures.

I try to maintain the minimum amount of data, but I never really consider how long I need that data for. Any tips you have on how to judge this type of thing I would love to hear about in a tweet.

One thing I think is maybe missing from this document.

I will be following the steps outlined in the document.

To wrap up then, I am glad a document like this has surfaced. It will make my life easier when making decisions, and if the majority of web owners followed them it might make the world a better place!
