- From: Joanne Furtsch <jfurtsch@truste.com>
- Date: Wed, 24 Oct 2012 10:08:09 -0700
- To: "rob@blaeu.com" <rob@blaeu.com>
- CC: "public-privacy@w3.org" <public-privacy@w3.org>
I think this will be a great topic to discuss as we are seeing this technology being used more.

Joanne

Sent from my iPhone

On Oct 24, 2012, at 1:05 PM, "Rob van Eijk" <rob@blaeu.com> wrote:

> Hi JC,
>
> Fingerprinting is just like most cookies subject to article 5.3 of the
> e-privacy directive. A privacy risk that I see increasing as a
> consequence of DNT and EU cookie consent is that companies are most
> likely pushing towards a bypass of DNT, i.e. gaining out of band (server
> based) consent and store that user choice in databases. Fingerprinting
> can be used in that use case to identify a user and subsequently find out
> by querying the consent database whether a user has given consent.
>
> Rob
>
> JC Cannon wrote on 2012-10-24 17:29:
>> I feel this is a great topic to discuss in light of the DNT and EU
>> cookie consent work happening. Both will limit the ability to use
>> cookies to re-identify a returning user/computer to a website. If
>> cookies are not viable it may push websites to use fingerprinting.
>> I'm hoping this discussion will provide ideas for two big problems:
>>
>> 1. How to minimize the ability for browsers to be fingerprinted.
>> 2. Providing a privacy-friendly way for users to build a relationship
>> with trusted websites.
>>
>> JC
>>
>> -----Original Message-----
>>
>>> From: Christine Runnegar [mailto:runnegar@isoc.org]
>>> Sent: Sunday, October 21, 2012 7:09 AM
>>> To: public-privacy@w3.org mailing list)
>>> Cc: Hill, Brad
>>> Subject: TPAC breakout session - Is user agent Fingerprinting a lost
>>> cause?
>>>
>>> As mentioned on our call on 18 October 2012, Brad Hill has kindly
>>> proposed a session entitled "Is user agent Fingerprinting a lost
>>> cause?".
>>>
>>> The session description from the TPAC wiki is set out below.
>>>
>>> http://www.w3.org/wiki/TPAC2012/SessionIdeas#Is_user_agent_Fingerprinting_a_lost_cause.3F
>>>
>>> ------
>>>
>>> As more features and functionality are added to the Web browser, the
>>> more risks we create in terms of privacy and security. As user agent
>>> complexity increases, and as they expose more "native" variation in
>>> the underlying platform, so does their ability to be uniquely
>>> identified (and users tracked) through capability analysis.
>>>
>>> The EFF's Panopticlick project already tracks ~60 bits of
>>> identifying information available in the typical user agent and
>>> certainly a more determined effort could find more, in addition to
>>> information available through lower-layer technologies like TCP or
>>> side-channels like JavaScript performance profiling.
>>>
>>> What responsibility do W3C WG's have to make their technologies
>>> passive-privacy friendly, and how is that to be balanced with
>>> discoverability and usability?
>>>
>>> Topics:
>>>
>>> - Is preventing fingerprinting a lost cause in the general purpose
>>> web user agent?
>>> - Where is the bar on trackability? Life-critical anonymity for
>>> political dissidents is different in what we can and must promise vs.
>>> "casual" anonymity for e.g. advertising
>>> - Lessons from Do Not Track on technical vs. policy-driven
>>> approaches
>>> - Lessons from anonymous / incognito browser modes
>>> - Should specs provide standard defaults for anonymous / incognito /
>>> Tor browser modes?

Received on Wednesday, 24 October 2012 17:14:19 UTC