RE: TPAC breakout session - Is user agent Fingerprinting a lost cause?

If the user blocks cookies and is not logged into a service then how would a website be able to persist a user's consent? 

JC 

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: Wednesday, October 24, 2012 11:01 AM
To: public-privacy@w3.org
Subject: Re: TPAC breakout session - Is user agent Fingerprinting a lost cause?

I would like to think that fingerprinting is un-needed.  One of the reasons I like the DNT approach is that it is, ideally, consensus-based on both sides. The alternative is the mutually hostile measure-counter-measure, at the end of which, no-one wins.

Examples: 
* if we block cookies, the sites find other ways to 'tag' us -- like fingerprints. So then we try to reduce the fingerprint surface. And so on.
* if we block 'known trackers', probably by host address, then the sites would probably start cycling their DNS, or masquerading under the name of a legitimate non-tracking entity (e.g. the first party), and so on.

If a site wants to 'tag' me, I want it consensual and evident; cookies are much more evident than a fingerprint I cannot see.

So, reacting to the thread title:  what was the 'cause' that fingerprint was on, that might now be 'lost'?

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Wednesday, 24 October 2012 18:09:36 UTC