W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

RE: TPAC breakout session - Is user agent Fingerprinting a lost cause?

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Wed, 24 Oct 2012 20:54:29 +0100
To: "'David Singer'" <singer@apple.com>
Cc: <public-privacy@w3.org>
Message-ID: <077201cdb221$619a4ee0$24ceeca0$@baycloud.com>
And a consent service can persist the state with a cookie in its own domain
(which it gets user consent for). This works well in Europe because the law
requires opt-in (consent cannot be implied). We still need DNT for 3rd
party, which it is only good for anyway as things stand.

Mike

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: 24 October 2012 19:12
To: JC Cannon
Cc: public-privacy@w3.org
Subject: Re: TPAC breakout session - Is user agent Fingerprinting a lost
cause?


On Oct 24, 2012, at 11:08 , JC Cannon <jccannon@microsoft.com> wrote:

> If the user blocks cookies and is not logged into a service then how would
a website be able to persist a user's consent? 

In a world where consent is sought and respected, why would the user block
cookies?

> 
> JC 
> 
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: Wednesday, October 24, 2012 11:01 AM
> To: public-privacy@w3.org
> Subject: Re: TPAC breakout session - Is user agent Fingerprinting a lost
cause?
> 
> I would like to think that fingerprinting is un-needed.  One of the
reasons I like the DNT approach is that it is, ideally, consensus-based on
both sides. The alternative is the mutually hostile measure-counter-measure,
at the end of which, no-one wins.

> 
> Examples: 
> * if we block cookies, the sites find other ways to 'tag' us -- like
fingerprints. So then we try to reduce the fingerprint surface. And so on.
> * if we block 'known trackers', probably by host address, then the sites
would probably start cycling their DNS, or masquerading under the name of a
legitimate non-tracking entity (e.g. the first party), and so on.
> 
> If a site wants to 'tag' me, I want it consensual and evident; cookies are
much more evident than a fingerprint I cannot see.
> 
> So, reacting to the thread title:  what was the 'cause' that fingerprint
was on, that might now be 'lost'?
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 24 October 2012 19:55:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 24 October 2012 19:55:21 GMT