W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

RE: TPAC breakout session - Is user agent Fingerprinting a lost cause?

From: JC Cannon <jccannon@microsoft.com>
Date: Wed, 24 Oct 2012 18:08:14 +0000
To: David Singer <singer@apple.com>, "public-privacy@w3.org" <public-privacy@w3.org>
Message-ID: <BB17D596C94A854E9EE4171D33BBCC810160BA1D@TK5EX14MBXC239.redmond.corp.microsoft.com>
If the user blocks cookies and is not logged into a service then how would a website be able to persist a user's consent? 

JC 

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Wednesday, October 24, 2012 11:01 AM
To: public-privacy@w3.org
Subject: Re: TPAC breakout session - Is user agent Fingerprinting a lost cause?

I would like to think that fingerprinting is un-needed.  One of the reasons I like the DNT approach is that it is, ideally, consensus-based on both sides. The alternative is the mutually hostile measure-counter-measure, at the end of which, no-one wins.

Examples: 
* if we block cookies, the sites find other ways to 'tag' us -- like fingerprints. So then we try to reduce the fingerprint surface. And so on.
* if we block 'known trackers', probably by host address, then the sites would probably start cycling their DNS, or masquerading under the name of a legitimate non-tracking entity (e.g. the first party), and so on.

If a site wants to 'tag' me, I want it consensual and evident; cookies are much more evident than a fingerprint I cannot see.

So, reacting to the thread title:  what was the 'cause' that fingerprint was on, that might now be 'lost'?

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 24 October 2012 18:09:36 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 24 October 2012 18:09:36 GMT