W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: Robin Berjon <robin@robineko.com>
Date: Wed, 26 May 2010 13:11:18 +0200
Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <5E048B7E-8920-4352-8695-68CF8583E1CD@robineko.com>
To: Doug Turner <dougt@dougt.org>
On May 21, 2010, at 07:22 , Doug Turner wrote:
> sending a mac address to a site is dangerous as it allows the site to always know who the client is and the client can't do anything about it.

Right, as a rarely spoofed unique identifier it's pretty much a dream. You could even track people when they switch browsers.

> I think in general that is a bad thing for the people on the web, but maybe widgets have a need for something like this.

If it doesn't work on the web it's not in scope, at least not for core functionality (environments in which trust can be considered higher can maybe have extensions).

> Is any UA seriously considering exposing this API to the web without some sort of notification to the user that the requesting website is requesting something that is more privileged than normal?

Not that I know of, all I've heard would require an infobar or similar. The issue here is that you don't want the UAs to have to expose a highly granular UI for what properties are in and which are out, you want to more or less bulk authorise. Inasmuch as possible, what is bulked okayed still needs to be reasonably aligned in terms of threats to privacy.

--
Robin Berjon
  robineko  hired gun, higher standards
  http://robineko.com/
Received on Wednesday, 26 May 2010 11:11:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC