[e2e] a means to an end
huitema at windows.microsoft.com
Sat Nov 8 11:56:40 PST 2008
> I'm not at all sure what you're talking about. AFAIK, IP addresses are
> not assigned to people.
Let's look at a concrete, market driven evaluation of that. We have a "privacy" process at Microsoft, where reviewers assess the impact of proposed products on the users' privacy, and often recommend design changes. A key part of the assessment is whether the application handles "personal identifiers", i.e. pieces of data that can be used to identify or track a person. If an application is found to do that, then a number of more stringent rules kick in, such as getting user consent, having processes to safeguard the data, and in fact quite a few more.
Long story short: we expressly consider IP addresses as personal identifiers, and submit them to pretty much the same rules as e-mail addresses. Yes, you can argue that IP addresses are sometimes shared and sometimes changed, but we believe there is enough correlation between IP addresses and user identities to place them in the "personal identifier" category, even if that is quite inconvenient for product designers.
I don't know whether we can design networks where locators and identifiers would not have that "personal identifier" characteristic. For example, identifiers that remain valid for a long enough period would de facto become user identifiers. Locators that embeds unique identification of the end-end delivery point would also have that characteristic.
-- Christian Huitema
More information about the end2end-interest