W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2011

Re: Network Information API published as FPWD

From: Olli Pettay <Olli.Pettay@helsinki.fi>
Date: Wed, 15 Jun 2011 00:06:42 +0300
Message-ID: <4DF7CD62.9000708@helsinki.fi>
To: Robin Berjon <robin@berjon.com>
CC: Dominique Hazael-Massieux <dom@w3.org>, Harald Alvestrand <harald@alvestrand.no>, public-device-apis@w3.org
On 06/14/2011 05:41 PM, Robin Berjon wrote:
> On Jun 14, 2011, at 15:59 , Olli Pettay wrote:
>> Even the current API allows a bit too much fingerprinting, I
>> think. The fact that web app can know that user is using 2G
>> connection is a quite strong hint (at least in some countries) that
>> user is somewhere in the countryside. (There are perhaps already
>> other ways to detect that, but this is a new way) The connection
>> type is yet more information about user and his devices the web
>> apps can get, and so it perhaps should be accessible only if user
>> gives the permission.
>
> Far from me to suggest that fingerprinting is not an important
> consideration  it most certainly is  but we can't just start using
> it systematically as DAP's Ockham's razor lest we do nothing at all!
Yeah, I realize this is a problem. But we also can't just give up with
privacy because no one has figured out a good way to inform or ask
permission (in a scalable way) from user.



> I think that we have to accept that there will be new information
> that can help fingerprint browsers (frankly, given the precision of
> current fingerprinting it's unclear how much any addition does indeed
> hurt  http://panopticlick.eff.org/ is a good demo). Putting
> everything behind a security prompt is not a good solution, it
> actually makes users care less about privacy. So while we should be
> very careful when we decide to expose information unprotected, I
> think we should be equally careful in not going too far in the other
> direction.
>
> It could be quite interesting if someone were to scare up a set of
> criteria for when something allows for too much fingerprinting and
> when it seems okay.
Indeed


>
Received on Tuesday, 14 June 2011 21:07:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:14:21 GMT