
Re: skeleton draft regarding fingerprinting guidance

From: Georg Koppen <g.koppen@jondos.de>
Date: Fri, 07 Dec 2012 20:25:34 +0100
Message-ID: <50C242AE.9090609@jondos.de>
To: Fred Andrews <fredandw@live.com>
CC: Nicholas Doty <npdoty@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
> I suggest removing any discussion of 'Personal safety and anonymous browsing', as it does not seem relevant.  For example, we all accept that losing security of our web banking signin details is a threat and do not require a list of stories showing how this could be damaging.

Could you elaborate on this? You are neither talking about personal
physical safety nor about anonymous browsing in your arguments but about
security. Thus, I don't see why that discussion should get removed.

Georg

>> From: npdoty@w3.org
>> Date: Tue, 4 Dec 2012 17:21:58 -0800
>> To: public-privacy@w3.org
>> Subject: skeleton draft regarding fingerprinting guidance
>>
>> Hi all,
>>
>> Inspired by conversations at the TPAC breakout session on fingerprinting, I've started an outline/draft of a document for giving positive guidance to spec authors about what fingerprinting is exactly and how we might address it across specs.
>>
>> As you can see, this is a mostly empty outline and obviously just a beginning, and I'm certainly not wedded to any of it. But I thought it might be a good basis for conversation, perhaps on this week's conference call, or just on the list. In particular, documenting the different threats or different levels of success sounded like it would be useful for spec authors who we hear are already thinking about this balancing act.
>>
>> Thanks in advance for all your thoughts,
>> Nick
>>
>> P.S. Written in Markdown, forgive me if you don't like this syntax. I'm happy to throw this on the wiki or on github if people would like to collaborate on it actively.
>>
>>
>> # Fingerprinting Guidance for Specification Authors
>>
>> In short, browser fingerprinting is:
>>> the capability of a site to identify or re-identify a visiting user, user agent or device via configuration settings or other observable characteristics.
>>
>> (A more detailed list of types of fingerprinting is included below.)
>>
>> ## Privacy threat models
>>
>> Browser fingerprinting is a potential threat to privacy on the Web. This document does not attempt to provide a single unifying definition of privacy, but we note concerns about loss of anonymity and unexpected correlation of online activity.
>>
>> Following from the practice of security threat model analysis, we note that there are distinct models of privacy threats for fingerprinting. Defenses against these threats differ, depending on the kind of user and concern.
>>
>> * Personal safety and anonymous browsing:
>>
>>> For some users, personal physical safety can be impacted if their online activities can be associated with their real-world identity -- for example, a political author under an unfriendly regime. Correlation of activity across sites (using a common fingerprint) might allow an attacker to connect a name to an online pseudonym. Such users might employ onion routing systems such as Tor to limit network-level linkability but still face the danger of browser-fingerprinting to correlate their Web-based activity.
>>
>> * Unexpected correlation of browsing activity:
>>
>>> Fingerprinting provides privacy concerns even when real-world identities are not implicated. Some users may be surprised or concerned that an online party can correlate multiple visits (on the same or different sites) to develop a profile or history of the user. This concern is heightened because tools such as clearing cookies do not prevent or "re-set" correlation done via browser fingerprinting.
>>
>> There are also different levels of success in addressing browser fingerprinting:
>>
>> * Decreased fingerprinting surface:
>> * Increased anonymity set: 
>> * Client-preventable fingerprinting: 
>> * Externally detectable fingerprinting: 
>>
>> ## Types of fingerprinting
>>
>> ### Passive
>>
>> ### Active
>>
>> ### Cookie-like (setting/retrieving local state)
>>
>> ## Mitigations and guidance
>>
>> ### Weighing increased fingerprinting surface
>>
>> ### A standardized profile?
>>
>> ### Do Not Track: a cooperative approach
>>
>> ## Research
>>
>> [What are the key papers to read here, historically or to give the latest on fingerprinting techniques? What are some areas of open research that might be relevant?]
>>
>> ## References

-- 
eMail:       g.koppen@jondos.de
PGP/GPG:     8BC5 21EC F35B 28FC DFA8  A3BE AC3D 3FC8 D936 B338

Jabber:      groeg@jabber.org
OTR fingerprint: ACCB0DA9 4D353BF8 642CB1F2 E33F4EAB 570F7823

JonDos GmbH
Registered office: Bruderwöhrdstraße 15b, 93055 Regensburg
Court of registration: Amtsgericht Regensburg, HRB 10532
VAT identification number: DE814839010
Managing directors: Rolf Wendolsky, Thomas Dumler


Received on Friday, 7 December 2012 19:26:22 GMT
