RE: Another piece of state management, another way to track...

Hi David,

A PUA (or standard UA with DNT:1) could handle this as follows - costs
max one extra request for standard redirects or one extra for every tracking
redirect:
	Send request for resource x
	If (response.sc == 301) store redirect resource y
	Send request for resource x again (not cached so server cannot tell)
	If (301) and redirect resource == y
		Cache y for future access to x
		Return y
	Else
		(Don't cache y for x)
		Return y

i.e. if redirect resource is constant, cache it as usual. If it changes then
assume it's a tracker and don't cache it.

Mike	

-----Original Message-----
From: David Singer [mailto:singer@apple.com] 
Sent: 19 November 2012 17:12
To: public-privacy@w3.org list)
Subject: Another piece of state management, another way to track...

Of course, that whenever the browser remembers something -- in this case, a
replacement URL because of an HTTP 'moved permanently' response -- it can be
used as a tracker.

<http://elie.im/blog/security/tracking-users-that-block-cookies-with-a-http-redirect/>
<http://www.scatmania.org/2012/04/24/visitor-tracking-without-cookies/>



David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 19 November 2012 18:16:12 UTC
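
The double-request check from Mike's reply, as an added example that is not part of the original thread: a user-agent redirect cache that stores a 301 target only when two uncached requests return the same target. The class name, the fetch callback and the example.test server are assumptions constructed for the illustration.

```python
import itertools

class RedirectCache:
    """Remember a 301 target only if a second uncached request returns the same one."""

    def __init__(self, fetch):
        self.fetch = fetch   # assumed callable(url) -> (status_code, location or None)
        self.cache = {}      # url -> confirmed constant redirect target

    def resolve(self, url):
        if url in self.cache:
            return self.cache[url]            # confirmed earlier, no request sent
        status, first = self.fetch(url)
        if status != 301:
            return url                        # not a permanent redirect
        status2, second = self.fetch(url)     # ask again without using the first answer
        if status2 == 301 and second == first:
            self.cache[url] = first           # constant target: cache as usual
        return first                          # changing target: follow, do not remember

def make_server():
    """Constructed server: one constant redirect, one per-request tracking redirect."""
    counter = itertools.count(1)
    log = []

    def fetch(url):
        log.append(url)
        if url == "http://example.test/old":
            return 301, "http://example.test/new"
        if url == "http://example.test/track":
            return 301, f"http://example.test/track?id={next(counter)}"
        return 200, None

    return fetch, log

def demo():
    fetch, log = make_server()
    ua = RedirectCache(fetch)
    honest = [ua.resolve("http://example.test/old") for _ in range(3)]
    tracked = [ua.resolve("http://example.test/track") for _ in range(2)]
    return honest, tracked, dict(ua.cache), len(log)

if __name__ == "__main__":
    print(demo())
```

The constant redirect costs one extra request in total, while the tracking redirect costs one extra request on every visit and never leaves an identifier in the cache.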