Re: TPAC breakout session - Is user agent Fingerprinting a lost cause?

From: David Singer <singer@apple.com>
Date: Wed, 24 Oct 2012 14:17:11 -0700
Cc: public-privacy@w3.org
Message-id: <591E9230-9AFB-45D0-AC07-A442A18F8018@apple.com>
To: Mike O'Neill <michael.oneill@baycloud.com>

On Oct 24, 2012, at 14:04 , Mike O'Neill <michael.oneill@baycloud.com> wrote:

> David,
> I assume it should have been "is trying to stop user-agent fingerprinting
> a lost cause?". 

Thanks.  That is a more addressable question. It's certainly a measure-counter-measure world, and ugly.  I assume, if scripts fit into the equation, we should also ask about user finger-printing (e.g. typing and pointer usage patterns unique to individuals, and so on).

> I agree with what you say about DNT, but I think browsers could take a more
> authoritarian role, and help ensure what users want in terms of privacy. If
> users specify a DNT preference why not enable features that inhibit
> fingerprinting, block 3rd party cookies etc. It would not be an endless quid
> pro quo because it would quickly become uneconomic for most of the bad
> actors to continue.

Yes, there is always the question of what you do with sites that don't implement DNT or are non-conformant, agreed.  The internet will never again be a place where trust is the norm. On the other hand, we can surely improve on the situation today: there is no underlying reason to continue with today's situation where honest, respectable people and honest, respectable businesses behave with hostility or distrust to each other. Reducing the problem to 'bad actors' on both sides would be a huge improvement.

> Mike
> -----Original Message-----
> From: David Singer [mailto:singer@apple.com] 
> Sent: 24 October 2012 19:01
> To: public-privacy@w3.org
> Subject: Re: TPAC breakout session - Is user agent Fingerprinting a lost
> cause?
> I would like to think that fingerprinting is un-needed.  One of the reasons
> I like the DNT approach is that it is, ideally, consensus-based on both
> sides. The alternative is the mutually hostile measure-counter-measure, at
> the end of which, no-one wins.
> Examples: 
> * if we block cookies, the sites find other ways to 'tag' us -- like
> fingerprints. So then we try to reduce the fingerprint surface. And so on.
> * if we block 'known trackers', probably by host address, then the sites
> would probably start cycling their DNS, or masquerading under the name of a
> legitimate non-tracking entity (e.g. the first party), and so on.
> If a site wants to 'tag' me, I want it consensual and evident; cookies are
> much more evident than a fingerprint I cannot see.
> So, reacting to the thread title:  what was the 'cause' that fingerprint was
> on, that might now be 'lost'?
> David Singer
> Multimedia and Software Standards, Apple Inc.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Wednesday, 24 October 2012 21:18:53 UTC