- From: Sam Ruby via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 14 Sep 2012 07:43:47 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec
In directory hutz:/tmp/cvs-serv26285
Modified Files:
dom.html introduction.html single-page.html spec.html
states-of-the-type-attribute.html
system-state-and-capabilities.html urls.html webappapis.html
Log Message:
commit fbc10ab441611a4805706ff0eaf10504a086f64f
Author: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Sat Sep 8 23:47:47 2012 +1000
[e] (0) Mark features that can be used for fingerprinting. I'm sure I missed some, please don't hesitate to point them out to me. Even if they only contribute half a bit of data.
Affected topics: Canvas, DOM APIs, HTML, Web Storage
git-svn-id: http://svn.whatwg.org/webapps@7205 340c8d12-0b0e-0410-8428-c7bf67bfef74
(cherry picked from commit 0ba1f691bdfb1ead24949e7fed58be5e278e1a2b)
Index: dom.html
===================================================================
RCS file: /sources/public/html5/spec/dom.html,v
retrieving revision 1.1258
retrieving revision 1.1259
diff -u -d -r1.1258 -r1.1259
--- dom.html 14 Sep 2012 01:14:30 -0000 1.1258
+++ dom.html 14 Sep 2012 07:43:43 -0000 1.1259
@@ -570,8 +570,8 @@
</dl><div class="impl">
<p>The <dfn id="dom-document-cookie" title="dom-document-cookie"><code>cookie</code></dfn>
- attribute represents the cookies of the resource from which the
- <code><a href="#document">Document</a></code> was created.</p>
+ attribute represents the cookies of the resource identified by
+ <a href="#the-document's-address">the document's address</a>.</p>
<p>A <code><a href="#document">Document</a></code> object that falls into one of the
following conditions is a <dfn id="cookie-averse-document-object">cookie-averse <code>Document</code>
@@ -595,7 +595,9 @@
first <a href="webappapis.html#obtain-the-storage-mutex">obtain the storage mutex</a> and then return the
cookie-string for <a href="#the-document's-address">the document's address</a> for a
"non-HTTP" API, <a href="infrastructure.html#decoded-as-utf-8,-with-error-handling">decoded as UTF-8, with error handling</a>.
- <a href="references.html#refsCOOKIES">[COOKIES]</a></p>
+ <a href="references.html#refsCOOKIES">[COOKIES]</a>
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>On setting, if the document is a <a href="#cookie-averse-document-object">cookie-averse
<code>Document</code> object</a>, then the user agent must do
Index: spec.html
===================================================================
RCS file: /sources/public/html5/spec/spec.html,v
retrieving revision 1.1989
retrieving revision 1.1990
diff -u -d -r1.1989 -r1.1990
--- spec.html 14 Sep 2012 07:14:28 -0000 1.1989
+++ spec.html 14 Sep 2012 07:43:44 -0000 1.1990
@@ -557,14 +557,15 @@
<li><a href="introduction.html#structure-of-this-specification"><span class="secno">1.7 </span>Structure of this specification</a>
<ol class="toc"><li><a href="introduction.html#how-to-read-this-specification"><span class="secno">1.7.1 </span>How to read this specification</a></li>
<li><a href="introduction.html#typographic-conventions"><span class="secno">1.7.2 </span>Typographic conventions</a></li></ol></li>
- <li><a href="introduction.html#a-quick-introduction-to-html"><span class="secno">1.8 </span>A quick introduction to HTML</a>
- <ol class="toc"><li><a href="introduction.html#writing-secure-applications-with-html"><span class="secno">1.8.1 </span>Writing secure applications with HTML</a></li>
- <li><a href="introduction.html#common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.8.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li>
- <li><a href="introduction.html#conformance-requirements-for-authors"><span class="secno">1.9 </span>Conformance requirements for authors</a>
- <ol class="toc"><li><a href="introduction.html#presentational-markup"><span class="secno">1.9.1 </span>Presentational markup</a></li>
- <li><a href="introduction.html#syntax-errors"><span class="secno">1.9.2 </span>Syntax errors</a></li>
- <li><a href="introduction.html#restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.9.3 </span>Restrictions on content models and on attribute values</a></li></ol></li>
- <li><a href="introduction.html#recommended-reading"><span class="secno">1.10 </span>Recommended reading</a></li></ol></li>
+ <li><a href="introduction.html#fingerprint"><span class="secno">1.8 </span>Privacy concerns</a></li>
+ <li><a href="introduction.html#a-quick-introduction-to-html"><span class="secno">1.9 </span>A quick introduction to HTML</a>
+ <ol class="toc"><li><a href="introduction.html#writing-secure-applications-with-html"><span class="secno">1.9.1 </span>Writing secure applications with HTML</a></li>
+ <li><a href="introduction.html#common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.9.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li>
+ <li><a href="introduction.html#conformance-requirements-for-authors"><span class="secno">1.10 </span>Conformance requirements for authors</a>
+ <ol class="toc"><li><a href="introduction.html#presentational-markup"><span class="secno">1.10.1 </span>Presentational markup</a></li>
+ <li><a href="introduction.html#syntax-errors"><span class="secno">1.10.2 </span>Syntax errors</a></li>
+ <li><a href="introduction.html#restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.10.3 </span>Restrictions on content models and on attribute values</a></li></ol></li>
+ <li><a href="introduction.html#recommended-reading"><span class="secno">1.11 </span>Recommended reading</a></li></ol></li>
<li><a href="infrastructure.html#infrastructure"><span class="secno">2 </span>Common infrastructure</a>
<ol class="toc"><li><a href="infrastructure.html#terminology"><span class="secno">2.1 </span>Terminology</a>
<ol class="toc"><li><a href="infrastructure.html#resources"><span class="secno">2.1.1 </span>Resources</a></li>
Index: states-of-the-type-attribute.html
===================================================================
RCS file: /sources/public/html5/spec/states-of-the-type-attribute.html,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -d -r1.239 -r1.240
--- states-of-the-type-attribute.html 14 Sep 2012 05:43:41 -0000 1.239
+++ states-of-the-type-attribute.html 14 Sep 2012 07:43:44 -0000 1.240
@@ -3137,7 +3137,9 @@
element has a <code title="attr-input-value"><a href="the-input-element.html#attr-input-value">value</a></code> attribute,
the button's label must be the value of that attribute; otherwise,
it must be an implementation-defined string that means "Submit" or
- some such.</span> The element is a <a href="forms.html#concept-button" title="concept-button">button</a>, specifically a <a href="forms.html#concept-submit-button" title="concept-submit-button">submit button</a>.</p>
+ some such.</span> The element is a <a href="forms.html#concept-button" title="concept-button">button</a>, specifically a <a href="forms.html#concept-submit-button" title="concept-submit-button">submit button</a>.
+ <!--INSERT FINGERPRINT-->
+ </p>
<div class="impl">
@@ -3488,7 +3490,9 @@
element has a <code title="attr-input-value"><a href="the-input-element.html#attr-input-value">value</a></code> attribute,
the button's label must be the value of that attribute; otherwise,
it must be an implementation-defined string that means "Reset" or
- some such.</span> The element is a <a href="forms.html#concept-button" title="concept-button">button</a>.</p>
+ some such.</span> The element is a <a href="forms.html#concept-button" title="concept-button">button</a>.
+ <!--INSERT FINGERPRINT-->
+ </p>
<div class="impl">
Index: single-page.html
===================================================================
RCS file: /sources/public/html5/spec/single-page.html,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -d -r1.118 -r1.119
--- single-page.html 14 Sep 2012 07:14:26 -0000 1.118
+++ single-page.html 14 Sep 2012 07:43:43 -0000 1.119
@@ -561,16 +561,17 @@
<ol class=toc>
<li><a href=#how-to-read-this-specification><span class=secno>1.7.1 </span>How to read this specification</a></li>
<li><a href=#typographic-conventions><span class=secno>1.7.2 </span>Typographic conventions</a></li></ol></li>
- <li><a href=#a-quick-introduction-to-html><span class=secno>1.8 </span>A quick introduction to HTML</a>
+ <li><a href=#fingerprint><span class=secno>1.8 </span>Privacy concerns</a></li>
+ <li><a href=#a-quick-introduction-to-html><span class=secno>1.9 </span>A quick introduction to HTML</a>
<ol class=toc>
- <li><a href=#writing-secure-applications-with-html><span class=secno>1.8.1 </span>Writing secure applications with HTML</a></li>
- <li><a href=#common-pitfalls-to-avoid-when-using-the-scripting-apis><span class=secno>1.8.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li>
- <li><a href=#conformance-requirements-for-authors><span class=secno>1.9 </span>Conformance requirements for authors</a>
+ <li><a href=#writing-secure-applications-with-html><span class=secno>1.9.1 </span>Writing secure applications with HTML</a></li>
+ <li><a href=#common-pitfalls-to-avoid-when-using-the-scripting-apis><span class=secno>1.9.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li>
+ <li><a href=#conformance-requirements-for-authors><span class=secno>1.10 </span>Conformance requirements for authors</a>
<ol class=toc>
- <li><a href=#presentational-markup><span class=secno>1.9.1 </span>Presentational markup</a></li>
- <li><a href=#syntax-errors><span class=secno>1.9.2 </span>Syntax errors</a></li>
- <li><a href=#restrictions-on-content-models-and-on-attribute-values><span class=secno>1.9.3 </span>Restrictions on content models and on attribute values</a></li></ol></li>
- <li><a href=#recommended-reading><span class=secno>1.10 </span>Recommended reading</a></li></ol></li>
+ <li><a href=#presentational-markup><span class=secno>1.10.1 </span>Presentational markup</a></li>
+ <li><a href=#syntax-errors><span class=secno>1.10.2 </span>Syntax errors</a></li>
+ <li><a href=#restrictions-on-content-models-and-on-attribute-values><span class=secno>1.10.3 </span>Restrictions on content models and on attribute values</a></li></ol></li>
+ <li><a href=#recommended-reading><span class=secno>1.11 </span>Recommended reading</a></li></ol></li>
<li><a href=#infrastructure><span class=secno>2 </span>Common infrastructure</a>
<ol class=toc>
<li><a href=#terminology><span class=secno>2.1 </span>Terminology</a>
@@ -1886,8 +1887,89 @@
<p class=impl>This is an implementation requirement.</p>
+ <h3 id=fingerprint><span class=secno>1.8 </span>Privacy concerns</h3>
- <h3 id=a-quick-introduction-to-html><span class=secno>1.8 </span>A quick introduction to HTML</h3>
+ <p><i>This section is non-normative.</i></p>
+ <p>Some features of HTML trade user convenience for a measure of
+ user privacy.</p>
+
+ <p>In general, due to the Internet's architecture, a user can be
+ distinguished from another by the user's IP address. IP addresses do
+ not perfectly match to a user; as a user moves from device to
+ device, or from network to network, their IP address will change;
+ similarly, NAT routing, proxy servers, and shared computers enable
+ packets that appear to all come from a single IP address to actually
+ map to multiple users. Technologies such as onion routing can be
+ used to further anonymize requests so that requests from a single
+ user at one node on the Internet appear to come from many disparate
+ parts of the network.</p>
+
+ <p>However, the IP address used for a user's requests is not the
+ only mechanism by which a user's requests could be related to each
+ other. Cookies, for example, are designed specifically to enable
+ this, and are the basis of most of the Web's session features that
+ enable you to log into a site with which you have an account.</p>
+
+ <p>There are other mechanisms that are more subtle. Certain
+ characteristics of a user's system can be used to distinguish groups
+ of users from each other; by collecting enough such information, an
+ individual user's browser's "digital fingerprint" can be computed,
+ which can be as good, if not better, as an IP address in
+ ascertaining which requests are from the same user.</p>
+
+ <p>Grouping requests in this manner, especially across multiple
+ sites, can be used for both benign (and even arguably positive)
+ purposes, as well as for malevolent purposes. An example of a
+ reasonably benign purpose would be determining whether a particular
+ person seems to prefer sites with dog illustrations as opposed to
+ sites with cat illstrations (based on how often they visit the sites
+ in question) and then automatically using the preferred
+ illustrations on subsequent visits to participating sites.
+ Malevolent purposes, however, could include governments combining
+ information such as the person's home address (determined from the
+ addresses they use when getting driving directions on one site) with
+ their apparent political affiliations (determined by examining the
+ forum sites that they participate in) to determine whether the
+ person should be prevented from voting in an election.</p>
+
+ <p>Since the malevolent purposes can be remarkably evil, user agent
+ implementors are encouraged to consider how to provide their users
+ with tools to minimise leaking information that could be used to
+ fingerprint a user.</p>
+
+ <p>Unfortunately, as the first paragraph in this section implies,
+ sometimes there is great benefit to be derived from exposing the
+ very information that can also be used for fingerprinting purposes,
+ so it's not as easy as simply blocking all possible leaks. For
+ instance, the ability to log into a site to post under a specific
+ identity requires that the user's requests be identifiable as all
+ being from the same user, more or less by definition. More subtly,
+ though, information such as how wide text is, which is necessary for
+ many effects that involve drawing text onto a canvas (e.g. any
+ effect that involves drawing a border around the text) also leaks
+ information that can be used to group a user's requests. (In this
+ case, by potentially exposing, via a brute force search, which fonts
+ a user has installed, information which can vary considerably from
+ user to user.)</p>
+
+ <p>Features in this specification which can be used to fingerprint
+ the user are marked as this paragraph is.
+ <!--INSERT FINGERPRINT-->
+ </p>
+
+ <p>Other features in the platform can be used for the same purpose,
+ though, including, though not limited to:</p>
+
+ <ul><li>The exact list of which features a user agents supports.</li>
+
+ <li>The maximum allowed stack depth for recursion in script.</li>
+
+ <li>Features that describe the user's environment, like Media
+ Queries and the <code>Screen</code> object. <a href=#refsMQ>[MQ]</a> <a href=#refsCSSOMVIEW>[CSSOMVIEW]</a></li>
+
+ <li>The user's time zone.</li>
+
+ </ul><h3 id=a-quick-introduction-to-html><span class=secno>1.9 </span>A quick introduction to HTML</h3>
<p><i>This section is non-normative.</i></p>
<p>A basic HTML document looks like this:</p>
@@ -2037,7 +2119,7 @@
understand at first.</p>
<!--ADD-TOPIC:Security-->
- <h4 id=writing-secure-applications-with-html><span class=secno>1.8.1 </span>Writing secure applications with HTML</h4>
+ <h4 id=writing-secure-applications-with-html><span class=secno>1.9.1 </span>Writing secure applications with HTML</h4>
<p><i>This section is non-normative.</i></p>
<p>When HTML is used to create interactive sites, care needs to be
@@ -2179,7 +2261,7 @@
</dd>
- </dl><!--REMOVE-TOPIC:Security--><h4 id=common-pitfalls-to-avoid-when-using-the-scripting-apis><span class=secno>1.8.2 </span>Common pitfalls to avoid when using the scripting APIs</h4>
+ </dl><!--REMOVE-TOPIC:Security--><h4 id=common-pitfalls-to-avoid-when-using-the-scripting-apis><span class=secno>1.9.2 </span>Common pitfalls to avoid when using the scripting APIs</h4>
<p><i>This section is non-normative.</i></p>
<p>Scripts in HTML have "run-to-completion" semantics, meaning that
@@ -2241,7 +2323,7 @@
- <h3 id=conformance-requirements-for-authors><span class=secno>1.9 </span>Conformance requirements for authors</h3>
+ <h3 id=conformance-requirements-for-authors><span class=secno>1.10 </span>Conformance requirements for authors</h3>
<p><i>This section is non-normative.</i></p>
<p>Unlike previous versions of the HTML specification, this
@@ -2260,7 +2342,7 @@
document and one with errors.</p>
- <h4 id=presentational-markup><span class=secno>1.9.1 </span>Presentational markup</h4>
+ <h4 id=presentational-markup><span class=secno>1.10.1 </span>Presentational markup</h4>
<p><i>This section is non-normative.</i></p>
<p>The majority of presentational features from previous versions of
@@ -2334,7 +2416,7 @@
<code><a href=#the-s-element>s</a></code>, <code><a href=#the-small-element>small</a></code>, and <code><a href=#the-u-element>u</a></code>.</p>
- <h4 id=syntax-errors><span class=secno>1.9.2 </span>Syntax errors</h4>
+ <h4 id=syntax-errors><span class=secno>1.10.2 </span>Syntax errors</h4>
<p><i>This section is non-normative.</i></p>
<p>The syntax of HTML is constrained to avoid a wide variety of
@@ -2594,7 +2676,7 @@
- <h4 id=restrictions-on-content-models-and-on-attribute-values><span class=secno>1.9.3 </span>Restrictions on content models and on attribute values</h4>
+ <h4 id=restrictions-on-content-models-and-on-attribute-values><span class=secno>1.10.3 </span>Restrictions on content models and on attribute values</h4>
<p><i>This section is non-normative.</i></p>
<p>Beyond the syntax of the language, this specification also places
@@ -2837,7 +2919,7 @@
</dd>
- </dl><h3 id=recommended-reading><span class=secno>1.10 </span>Recommended reading</h3>
+ </dl><h3 id=recommended-reading><span class=secno>1.11 </span>Recommended reading</h3>
<p><i>This section is non-normative.</i></p>
<p>The following documents might be of interest to readers of this
@@ -8022,7 +8104,9 @@
<li><p>Take ownership of the <a href=#storage-mutex>storage mutex</a>.</p></li>
- <li><p>Update the cookies. <a href=#refsCOOKIES>[COOKIES]</a></p></li>
+ <li><p>Update the cookies. <a href=#refsCOOKIES>[COOKIES]</a>
+ <!--INSERT FINGERPRINT-->
+ </p></li>
<li><p>Release the <a href=#storage-mutex>storage mutex</a> so that it is once
again free.</p></li>
@@ -9720,8 +9804,8 @@
</dl><div class=impl>
<p>The <dfn id=dom-document-cookie title=dom-document-cookie><code>cookie</code></dfn>
- attribute represents the cookies of the resource from which the
- <code><a href=#document>Document</a></code> was created.</p>
+ attribute represents the cookies of the resource identified by
+ <a href="#the-document's-address">the document's address</a>.</p>
<p>A <code><a href=#document>Document</a></code> object that falls into one of the
following conditions is a <dfn id=cookie-averse-document-object>cookie-averse <code>Document</code>
@@ -9745,7 +9829,9 @@
first <a href=#obtain-the-storage-mutex>obtain the storage mutex</a> and then return the
cookie-string for <a href="#the-document's-address">the document's address</a> for a
"non-HTTP" API, <a href=#decoded-as-utf-8,-with-error-handling>decoded as UTF-8, with error handling</a>.
- <a href=#refsCOOKIES>[COOKIES]</a></p>
+ <a href=#refsCOOKIES>[COOKIES]</a>
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>On setting, if the document is a <a href=#cookie-averse-document-object>cookie-averse
<code>Document</code> object</a>, then the user agent must do
@@ -43810,7 +43896,9 @@
element has a <code title=attr-input-value><a href=#attr-input-value>value</a></code> attribute,
the button's label must be the value of that attribute; otherwise,
it must be an implementation-defined string that means "Submit" or
- some such.</span> The element is a <a href=#concept-button title=concept-button>button</a>, specifically a <a href=#concept-submit-button title=concept-submit-button>submit button</a>.</p>
+ some such.</span> The element is a <a href=#concept-button title=concept-button>button</a>, specifically a <a href=#concept-submit-button title=concept-submit-button>submit button</a>.
+ <!--INSERT FINGERPRINT-->
+ </p>
<div class=impl>
@@ -44161,7 +44249,9 @@
element has a <code title=attr-input-value><a href=#attr-input-value>value</a></code> attribute,
the button's label must be the value of that attribute; otherwise,
it must be an implementation-defined string that means "Reset" or
- some such.</span> The element is a <a href=#concept-button title=concept-button>button</a>.</p>
+ some such.</span> The element is a <a href=#concept-button title=concept-button>button</a>.
+ <!--INSERT FINGERPRINT-->
+ </p>
<div class=impl>
@@ -61314,7 +61404,9 @@
<li>The user has not disabled scripting for this <a href=#browsing-context>browsing
context</a> at this time. (User agents may provide users with
the option to disable scripting globally, or in a finer-grained
- manner, e.g. on a per-origin basis.)</li>
+ manner, e.g. on a per-origin basis.)
+ <!--INSERT FINGERPRINT-->
+ </li>
<li id=sandboxScriptBlocked>The <a href=#browsing-context>browsing context</a>'s
<a href=#active-document>active document</a>'s <a href=#active-sandboxing-flag-set>active sandboxing flag
@@ -63909,7 +64001,9 @@
to user can be used to profile the user. In fact, if enough such
information is available, a user can actually be uniquely
identified. For this reason, user agent implementors are strongly
- urged to include as little information in this API as possible.</p>
+ urged to include as little information in this API as possible.
+ <!--INSERT FINGERPRINT-->
+ </p>
</div>
@@ -64224,7 +64318,9 @@
closely describes the current state of the handler described by the
two arguments to the method, where the first argument gives the
scheme and the second gives the string used to build the
- <a href=#url>URL</a> of the page that will handle the requests.</p>
+ <a href=#url>URL</a> of the page that will handle the requests.
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>The first argument must be compared to the schemes for which
custom protocol handlers are registered in an <a href=#ascii-case-insensitive>ASCII
@@ -64239,7 +64335,9 @@
closely describes the current state of the handler described by the
two arguments to the method, where the first argument gives the
<a href=#mime-type>MIME type</a> and the second gives the string used to build
- the <a href=#url>URL</a> of the page that will handle the requests.</p>
+ the <a href=#url>URL</a> of the page that will handle the requests.
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>The first argument must be compared to the <a href=#mime-type title="MIME
type">MIME types</a> for which custom content handlers are
@@ -64612,7 +64710,9 @@
<a href=#url>URL</a> to an OpenSearch description document. <a href=#refsOPENSEARCH>[OPENSEARCH]</a></p></li>
</ol><p>The <dfn id=dom-external-issearchproviderinstalled title=dom-external-IsSearchProviderInstalled><code>IsSearchProviderInstalled()</code></dfn>
- method, when invoked, must run the following steps:</p>
+ method, when invoked, must run the following steps:
+ <!--INSERT FINGERPRINT-->
+ </p>
<ol><li><p>Optionally, return 0 and abort these steps. User agents may
implement the method as a stub method that never returns a
Index: urls.html
===================================================================
RCS file: /sources/public/html5/spec/urls.html,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -d -r1.242 -r1.243
--- urls.html 14 Sep 2012 05:13:55 -0000 1.242
+++ urls.html 14 Sep 2012 07:43:45 -0000 1.243
@@ -1248,7 +1248,9 @@
<li><p>Take ownership of the <a href="webappapis.html#storage-mutex">storage mutex</a>.</p></li>
- <li><p>Update the cookies. <a href="references.html#refsCOOKIES">[COOKIES]</a></p></li>
+ <li><p>Update the cookies. <a href="references.html#refsCOOKIES">[COOKIES]</a>
+ <!--INSERT FINGERPRINT-->
+ </p></li>
<li><p>Release the <a href="webappapis.html#storage-mutex">storage mutex</a> so that it is once
again free.</p></li>
Index: introduction.html
===================================================================
RCS file: /sources/public/html5/spec/introduction.html,v
retrieving revision 1.1237
retrieving revision 1.1238
diff -u -d -r1.1237 -r1.1238
--- introduction.html 14 Sep 2012 01:14:32 -0000 1.1237
+++ introduction.html 14 Sep 2012 07:43:43 -0000 1.1238
@@ -331,9 +331,9 @@
<ol class="toc"><li><a href="introduction.html#introduction"><span class="secno">1 </span>Introduction</a>
<ol><li><a href="introduction.html#background"><span class="secno">1.1 </span>Background</a></li><li><a href="introduction.html#audience"><span class="secno">1.2 </span>Audience</a></li><li><a href="introduction.html#scope"><span class="secno">1.3 </span>Scope</a></li><li><a href="introduction.html#history-0"><span class="secno">1.4 </span>History</a></li><li><a href="introduction.html#design-notes"><span class="secno">1.5 </span>Design notes</a>
<ol><li><a href="introduction.html#serializability-of-script-execution"><span class="secno">1.5.1 </span>Serializability of script execution</a></li><li><a href="introduction.html#compliance-with-other-specifications"><span class="secno">1.5.2 </span>Compliance with other specifications</a></li></ol></li><li><a href="introduction.html#html-vs-xhtml"><span class="secno">1.6 </span>HTML vs XHTML</a></li><li><a href="introduction.html#structure-of-this-specification"><span class="secno">1.7 </span>Structure of this specification</a>
- <ol><li><a href="introduction.html#how-to-read-this-specification"><span class="secno">1.7.1 </span>How to read this specification</a></li><li><a href="introduction.html#typographic-conventions"><span class="secno">1.7.2 </span>Typographic conventions</a></li></ol></li><li><a href="introduction.html#a-quick-introduction-to-html"><span class="secno">1.8 </span>A quick introduction to HTML</a>
- <ol><li><a href="introduction.html#writing-secure-applications-with-html"><span class="secno">1.8.1 </span>Writing secure applications with HTML</a></li><li><a href="introduction.html#common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.8.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li><li><a href="introduction.html#conformance-requirements-for-authors"><span class="secno">1.9 </span>Conformance requirements for authors</a>
- <ol><li><a href="introduction.html#presentational-markup"><span class="secno">1.9.1 </span>Presentational markup</a></li><li><a href="introduction.html#syntax-errors"><span class="secno">1.9.2 </span>Syntax errors</a></li><li><a href="introduction.html#restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.9.3 </span>Restrictions on content models and on attribute values</a></li></ol></li><li><a href="introduction.html#recommended-reading"><span class="secno">1.10 </span>Recommended reading</a></li></ol></li></ol></div>
+ <ol><li><a href="introduction.html#how-to-read-this-specification"><span class="secno">1.7.1 </span>How to read this specification</a></li><li><a href="introduction.html#typographic-conventions"><span class="secno">1.7.2 </span>Typographic conventions</a></li></ol></li><li><a href="introduction.html#fingerprint"><span class="secno">1.8 </span>Privacy concerns</a></li><li><a href="introduction.html#a-quick-introduction-to-html"><span class="secno">1.9 </span>A quick introduction to HTML</a>
+ <ol><li><a href="introduction.html#writing-secure-applications-with-html"><span class="secno">1.9.1 </span>Writing secure applications with HTML</a></li><li><a href="introduction.html#common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.9.2 </span>Common pitfalls to avoid when using the scripting APIs</a></li></ol></li><li><a href="introduction.html#conformance-requirements-for-authors"><span class="secno">1.10 </span>Conformance requirements for authors</a>
+ <ol><li><a href="introduction.html#presentational-markup"><span class="secno">1.10.1 </span>Presentational markup</a></li><li><a href="introduction.html#syntax-errors"><span class="secno">1.10.2 </span>Syntax errors</a></li><li><a href="introduction.html#restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.10.3 </span>Restrictions on content models and on attribute values</a></li></ol></li><li><a href="introduction.html#recommended-reading"><span class="secno">1.11 </span>Recommended reading</a></li></ol></li></ol></div>
<h2 id="introduction"><span class="secno">1 </span>Introduction</h2>
<!--VERSION-->
@@ -777,8 +777,89 @@
<p class="impl">This is an implementation requirement.</p>
+ <h3 id="fingerprint"><span class="secno">1.8 </span>Privacy concerns</h3>
- <h3 id="a-quick-introduction-to-html"><span class="secno">1.8 </span>A quick introduction to HTML</h3>
+ <p><i>This section is non-normative.</i></p>
+ <p>Some features of HTML trade user convenience for a measure of
+ user privacy.</p>
+
+ <p>In general, due to the Internet's architecture, a user can be
+ distinguished from another by the user's IP address. IP addresses do
+ not perfectly match to a user; as a user moves from device to
+ device, or from network to network, their IP address will change;
+ similarly, NAT routing, proxy servers, and shared computers enable
+ packets that appear to all come from a single IP address to actually
+ map to multiple users. Technologies such as onion routing can be
+ used to further anonymize requests so that requests from a single
+ user at one node on the Internet appear to come from many disparate
+ parts of the network.</p>
+
+ <p>However, the IP address used for a user's requests is not the
+ only mechanism by which a user's requests could be related to each
+ other. Cookies, for example, are designed specifically to enable
+ this, and are the basis of most of the Web's session features that
+ enable you to log into a site with which you have an account.</p>
+
+ <p>There are other mechanisms that are more subtle. Certain
+ characteristics of a user's system can be used to distinguish groups
+ of users from each other; by collecting enough such information, an
+ individual user's browser's "digital fingerprint" can be computed,
+ which can be as good, if not better, as an IP address in
+ ascertaining which requests are from the same user.</p>
+
+ <p>Grouping requests in this manner, especially across multiple
+ sites, can be used for both benign (and even arguably positive)
+ purposes, as well as for malevolent purposes. An example of a
+ reasonably benign purpose would be determining whether a particular
+ person seems to prefer sites with dog illustrations as opposed to
+ sites with cat illstrations (based on how often they visit the sites
+ in question) and then automatically using the preferred
+ illustrations on subsequent visits to participating sites.
+ Malevolent purposes, however, could include governments combining
+ information such as the person's home address (determined from the
+ addresses they use when getting driving directions on one site) with
+ their apparent political affiliations (determined by examining the
+ forum sites that they participate in) to determine whether the
+ person should be prevented from voting in an election.</p>
+
+ <p>Since the malevolent purposes can be remarkably evil, user agent
+ implementors are encouraged to consider how to provide their users
+ with tools to minimise leaking information that could be used to
+ fingerprint a user.</p>
+
+ <p>Unfortunately, as the first paragraph in this section implies,
+ sometimes there is great benefit to be derived from exposing the
+ very information that can also be used for fingerprinting purposes,
+ so it's not as easy as simply blocking all possible leaks. For
+ instance, the ability to log into a site to post under a specific
+ identity requires that the user's requests be identifiable as all
+ being from the same user, more or less by definition. More subtly,
+ though, information such as how wide text is, which is necessary for
+ many effects that involve drawing text onto a canvas (e.g. any
+ effect that involves drawing a border around the text) also leaks
+ information that can be used to group a user's requests. (In this
+ case, by potentially exposing, via a brute force search, which fonts
+ a user has installed, information which can vary considerably from
+ user to user.)</p>
+
+ <p>Features in this specification which can be used to fingerprint
+ the user are marked as this paragraph is.
+ <!--INSERT FINGERPRINT-->
+ </p>
+
+ <p>Other features in the platform can be used for the same purpose,
+ though, including, though not limited to:</p>
+
+ <ul><li>The exact list of which features a user agents supports.</li>
+
+ <li>The maximum allowed stack depth for recursion in script.</li>
+
+ <li>Features that describe the user's environment, like Media
+ Queries and the <code>Screen</code> object. <a href="references.html#refsMQ">[MQ]</a> <a href="references.html#refsCSSOMVIEW">[CSSOMVIEW]</a></li>
+
+ <li>The user's time zone.</li>
+
+ </ul><h3 id="a-quick-introduction-to-html"><span class="secno">1.9 </span>A quick introduction to HTML</h3>
<p><i>This section is non-normative.</i></p>
<p>A basic HTML document looks like this:</p>
@@ -928,7 +1009,7 @@
understand at first.</p>
<!--ADD-TOPIC:Security-->
- <h4 id="writing-secure-applications-with-html"><span class="secno">1.8.1 </span>Writing secure applications with HTML</h4>
+ <h4 id="writing-secure-applications-with-html"><span class="secno">1.9.1 </span>Writing secure applications with HTML</h4>
<p><i>This section is non-normative.</i></p>
<p>When HTML is used to create interactive sites, care needs to be
@@ -1070,7 +1151,7 @@
</dd>
- </dl><!--REMOVE-TOPIC:Security--><h4 id="common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.8.2 </span>Common pitfalls to avoid when using the scripting APIs</h4>
+ </dl><!--REMOVE-TOPIC:Security--><h4 id="common-pitfalls-to-avoid-when-using-the-scripting-apis"><span class="secno">1.9.2 </span>Common pitfalls to avoid when using the scripting APIs</h4>
<p><i>This section is non-normative.</i></p>
<p>Scripts in HTML have "run-to-completion" semantics, meaning that
@@ -1132,7 +1213,7 @@
- <h3 id="conformance-requirements-for-authors"><span class="secno">1.9 </span>Conformance requirements for authors</h3>
+ <h3 id="conformance-requirements-for-authors"><span class="secno">1.10 </span>Conformance requirements for authors</h3>
<p><i>This section is non-normative.</i></p>
<p>Unlike previous versions of the HTML specification, this
@@ -1151,7 +1232,7 @@
document and one with errors.</p>
- <h4 id="presentational-markup"><span class="secno">1.9.1 </span>Presentational markup</h4>
+ <h4 id="presentational-markup"><span class="secno">1.10.1 </span>Presentational markup</h4>
<p><i>This section is non-normative.</i></p>
<p>The majority of presentational features from previous versions of
@@ -1225,7 +1306,7 @@
<code><a href="the-s-element.html#the-s-element">s</a></code>, <code><a href="the-small-element.html#the-small-element">small</a></code>, and <code><a href="the-u-element.html#the-u-element">u</a></code>.</p>
- <h4 id="syntax-errors"><span class="secno">1.9.2 </span>Syntax errors</h4>
+ <h4 id="syntax-errors"><span class="secno">1.10.2 </span>Syntax errors</h4>
<p><i>This section is non-normative.</i></p>
<p>The syntax of HTML is constrained to avoid a wide variety of
@@ -1485,7 +1566,7 @@
- <h4 id="restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.9.3 </span>Restrictions on content models and on attribute values</h4>
+ <h4 id="restrictions-on-content-models-and-on-attribute-values"><span class="secno">1.10.3 </span>Restrictions on content models and on attribute values</h4>
<p><i>This section is non-normative.</i></p>
<p>Beyond the syntax of the language, this specification also places
@@ -1728,7 +1809,7 @@
</dd>
- </dl><h3 id="recommended-reading"><span class="secno">1.10 </span>Recommended reading</h3>
+ </dl><h3 id="recommended-reading"><span class="secno">1.11 </span>Recommended reading</h3>
<p><i>This section is non-normative.</i></p>
<p>The following documents might be of interest to readers of this
Index: system-state-and-capabilities.html
===================================================================
RCS file: /sources/public/html5/spec/system-state-and-capabilities.html,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -d -r1.178 -r1.179
--- system-state-and-capabilities.html 14 Sep 2012 01:14:34 -0000 1.178
+++ system-state-and-capabilities.html 14 Sep 2012 07:43:45 -0000 1.179
@@ -461,7 +461,9 @@
to user can be used to profile the user. In fact, if enough such
information is available, a user can actually be uniquely
identified. For this reason, user agent implementors are strongly
- urged to include as little information in this API as possible.</p>
+ urged to include as little information in this API as possible.
+ <!--INSERT FINGERPRINT-->
+ </p>
</div>
@@ -776,7 +778,9 @@
closely describes the current state of the handler described by the
two arguments to the method, where the first argument gives the
scheme and the second gives the string used to build the
- <a href="urls.html#url">URL</a> of the page that will handle the requests.</p>
+ <a href="urls.html#url">URL</a> of the page that will handle the requests.
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>The first argument must be compared to the schemes for which
custom protocol handlers are registered in an <a href="infrastructure.html#ascii-case-insensitive">ASCII
@@ -791,7 +795,9 @@
closely describes the current state of the handler described by the
two arguments to the method, where the first argument gives the
<a href="infrastructure.html#mime-type">MIME type</a> and the second gives the string used to build
- the <a href="urls.html#url">URL</a> of the page that will handle the requests.</p>
+ the <a href="urls.html#url">URL</a> of the page that will handle the requests.
+ <!--INSERT FINGERPRINT-->
+ </p>
<p>The first argument must be compared to the <a href="infrastructure.html#mime-type" title="MIME
type">MIME types</a> for which custom content handlers are
@@ -1164,7 +1170,9 @@
<a href="urls.html#url">URL</a> to an OpenSearch description document. <a href="references.html#refsOPENSEARCH">[OPENSEARCH]</a></p></li>
</ol><p>The <dfn id="dom-external-issearchproviderinstalled" title="dom-external-IsSearchProviderInstalled"><code>IsSearchProviderInstalled()</code></dfn>
- method, when invoked, must run the following steps:</p>
+ method, when invoked, must run the following steps:
+ <!--INSERT FINGERPRINT-->
+ </p>
<ol><li><p>Optionally, return 0 and abort these steps. User agents may
implement the method as a stub method that never returns a
Index: webappapis.html
===================================================================
RCS file: /sources/public/html5/spec/webappapis.html,v
retrieving revision 1.385
retrieving revision 1.386
diff -u -d -r1.385 -r1.386
--- webappapis.html 14 Sep 2012 05:13:55 -0000 1.385
+++ webappapis.html 14 Sep 2012 07:43:45 -0000 1.386
@@ -375,7 +375,9 @@
<li>The user has not disabled scripting for this <a href="browsers.html#browsing-context">browsing
context</a> at this time. (User agents may provide users with
the option to disable scripting globally, or in a finer-grained
- manner, e.g. on a per-origin basis.)</li>
+ manner, e.g. on a per-origin basis.)
+ <!--INSERT FINGERPRINT-->
+ </li>
<li id="sandboxScriptBlocked">The <a href="browsers.html#browsing-context">browsing context</a>'s
<a href="browsers.html#active-document">active document</a>'s <a href="browsers.html#active-sandboxing-flag-set">active sandboxing flag
Received on Friday, 14 September 2012 07:43:50 UTC