remove high level threats and reference RFC6973 instead (#421)

Co-authored-by: Robin Berjon <[email protected]>
w3ctag · May 8, 2024 · fde250a · fde250a
1 parent 482b66b
commit fde250a
Showing 1 changed file with 5 additions and 85 deletions.
diff --git a/index.html b/index.html
@@ -675,14 +675,14 @@
 which may include: Internet service providers; other network operators; local institutions providing
 a network connection including schools, libraries, or universities; government intelligence services;
 malicious hackers who have gained access to the network or the systems of any of the other actors.
-High-level threats including [=surveillance=] may be pursued by these actors. Pervasive monitoring,
+High-level threats including surveillance may be pursued by these actors ([[RFC6973]]). Pervasive monitoring,
 a form of large-scale, indiscriminate surveillance, is a known attack on the privacy of users of the
 internet and the web [[RFC7258]].
 
 Information flows may also involve other people &mdash; for example, other users of a site &mdash;
 which could include friends, family members, teachers, strangers, or government officials. Some
-threats to privacy, including both [=disclosure=] and harassment, may be particular to the other
-people involved in the information flow.
+threats to privacy, including both disclosure and harassment, may be particular to the other
+people involved in the information flow ([[RFC6973]]).
 
 ## Individual Autonomy {#autonomy}
 
@@ -1115,7 +1115,7 @@
 violates the other people's rights to be free from manipulation.
 
 On the other hand, identifying everyone with enough detail to detect these cases tends to
-violate their rights to be free from [=surveillance=] and [=correlation=].
+violate their rights to be free from surveillance and correlation. ([[RFC6973]])
 
 </aside>
 
@@ -1843,7 +1843,7 @@
 <div class="practice" data-audiences="websites user-agents">
   <span class="practicelab" id="no-secondary-use">
     [=Actors=] should not use personal data for purposes other than those specified. (Other uses are often called
-    [=secondary uses=].)
+    secondary uses [[RFC6973]].)
   </span>
 </div>
 
@@ -2331,86 +2331,6 @@
 
 </section>
 
-<section class="appendix">
-
-# High-Level Threats {#threats}
-
-User agents should attempt to defend the people using them from a variety of high-level
-threats or attacker goals, described in this section.
-
-These threats are an extension of the ones discussed by [[RFC6973]].
-
-<dl>
-<dt><dfn>Correlation</dfn>
-
-<dd> Correlation is the combination of various pieces of information related to an
-    individual or that obtain that characteristic when combined. See
-    <a
-data-cite="RFC6973#section-5.2.1">RFC6973§5.2.1</a>.
-
-<dt>Data Compromise
-
-<dd> End systems that do not take adequate measures to secure data from
-    unauthorized or inappropriate access. See <a
-    data-cite="RFC6973#section-5.1.2">RFC6973§5.1.2</a>.
-
-<dt><dfn>Disclosure</dfn>
-
-<dd>Disclosure is the revelation of information about an individual that affects
-    the way others judge the individual. See <a
-data-cite="RFC6973#section-5.2.4">RFC6973§5.2.4</a>.
-
-<dt>Exclusion
-
-<dd>Exclusion is the failure to allow individuals to know about the data that
-    others have about them and to participate in its handling and use. See
-    <a
-data-cite="RFC6973#section-5.2.5">RFC6973§5.2.5</a>.
-
-<dt>Identification
-
-<dd>Identification is the linking of information to a particular individual, even if the information
-isn't linked to that individual's real-world identity (e.g. their legal name, address, government ID
-number, etc.). Identifying someone allows a system to treat them differently from others, which can
-be [=inappropriate=] depending on the [=context=]. See
-<a data-cite="RFC6973#section-5.2.2">RFC6973§5.2.2</a>.
-
-<dt><dfn>Intrusion</dfn>
-
-<dd> [=Intrusion=] consists of invasive acts that disturb or interrupt one’s life or
-    activities. See <a
-    data-cite="RFC6973#section-5.1.3">RFC6973§5.1.3</a>.
-
-<dt>Misattribution
-
-<dd> Misattribution occurs when data or communications related to one individual
-    are attributed to another. See <a
-data-cite="RFC6973#section-5.1.4">RFC6973§5.1.4</a>.
-
-<dt>Profiling</dt>
-
-<dd>The inference, evaluation, or prediction of an individual's attributes, interests, or
-behaviours.</dd>
-
-<dt><dfn>Secondary Use</dfn>
-
-<dd> Secondary use is the use of collected information about an individual without
-    the individual’s consent for a purpose different from that for which the
-    information was collected. See <a
-data-cite="RFC6973#section-5.2.3">RFC6973§5.2.3</a>.
-
-<dt><dfn>Surveillance</dfn>
-
-<dd> Surveillance is the observation or monitoring of an individual’s
-communications or activities. See <a
-data-cite="RFC6973#section-5.1.1">RFC6973§5.1.1</a>.
-</dl>
-
-These threats combine into the particular concrete threats we want web
-specifications to defend against, described in the sections that follow.
-
-</section>
-
 <section class="appendix" id="bp-summary"></section>
 
 <section class="appendix">