W3C home > Mailing lists > Public > public-html-media@w3.org > April 2016

[encrypted-media] Privacy: Ensure the user can clear all identifiers and other data that might enable tracking

From: ddorwin via GitHub <sysbot+gh@w3.org>
Date: Sat, 16 Apr 2016 00:26:41 +0000
To: public-html-media@w3.org
Message-ID: <issues.opened-148799200-1460766400-sysbot+gh@w3.org>
ddorwin has just created a new issue for 
https://github.com/w3c/encrypted-media:

== Privacy: Ensure the user can clear all identifiers and other data 
that might enable tracking ==
The spec requires that _Distinctive_ Identifiers be clearable but not 
_all_ potential identifiers. Examples include:
* Identifiers that don't match the definition of Distinctive 
Identifier (i.e. random values, especially after #117 is fixed).
* Persisted sessions and session data (#session-storage). (See [bug 
27268 comment 
5](https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268#c5) by 
@hsivonen.)


<br/>In addition, as discussed in [bug 27268 comment 
6](https://www.w3.org/Bugs/Public/show_bug.cgi?id=27268#c6), "we 
should add a note somewhere explaining [how] persistent sessions could
 be used to track users." To address this, we should explicitly 
mention persistent sessions and other persistent state in 
https://w3c.github.io/encrypted-media/#user-tracking is the most 
likely candidate.

It probably also makes sense to explicitly mention persistent sessions
 in:
* https://w3c.github.io/encrypted-media/#privacy-storedinfo
* https://w3c.github.io/encrypted-media/#incomplete-clearing
* Maybe https://w3c.github.io/encrypted-media/#private-browsing.

Please view or discuss this issue at 
https://github.com/w3c/encrypted-media/issues/168 using your GitHub 
account
Received on Saturday, 16 April 2016 00:26:43 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 16 April 2016 00:26:44 UTC