W3C home > Mailing lists > Public > public-p3p-spec@w3.org > January 2006

New tracking tool in Firefox

From: Rigo Wenning <rigo@w3.org>
Date: Wed, 18 Jan 2006 18:23:26 +0100
To: "'public-p3p-spec'" <public-p3p-spec@w3.org>
Message-Id: <200601181823.39772@rigo>
A Blog-entry
http://weblogs.mozillazine.org/darin/
and the subsequent slashdot discussion:
http://yro.slashdot.org/yro/06/01/18/1427212.shtml

report that Firefox has implemented a feature from the WhatWG which is pretty 
privacy invasive:
http://whatwg.org/specs/web-apps/current-work/#ping

If a link is clicked carrying a "ping" attribute, the fact that of clicking on 
that link is reported to several servers specified in the attribute. This 
allows tracking not only by referrer, but also to see where the user goes on 
leaving a certain server. In fact, it is the equivalent to the video-camera 
in the shop. 

A browser could also implement a more generic sniffer and send information 
about the current state of the computer (what other programs ran when he 
looked at our online-shop) to selected IP-addresses. The shop could be 
greatly improved, for sure.

Most security advises recommend to switch active components off. This won't 
help anymore. The WhatWG omits in their specification to ask for a very basic 
and important requirement: Ask the user before sending such information over 
to third parties. 

Should we take that into account in the tracking part? Is it individual 
tracking or pseudonymous analysis?

Best, 

Rigo




Received on Wednesday, 18 January 2006 17:24:05 GMT

This archive was generated by hypermail 2.2.0+W3C0.50 : Wednesday, 18 January 2006 17:24:06 GMT