W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2013

RE: draft regarding fingerprinting guidance

From: Larry Masinter <masinter@adobe.com>
Date: Mon, 19 Aug 2013 15:40:56 -0700
To: David Singer <singer@apple.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <C68CB012D9182D408CED7B884F441D4D3472A46E17@nambxv01a.corp.adobe.com>
> >    $ Fingerprinting:   The process of an observer or attacker uniquely
> >       identifying (with a sufficiently high probability) a device or
> >       application instance based on multiple information elements
> >       communicated to the observer or attacker.  See [EFF].
> >
> > I wonder whether you find these definitions useful.

I agree with David that fingerprinting is in general reducing the space of possible identities and concentrating the belief about identity.

I'm a little concerned about "observer or attacker", since neither reasonably covers the main use case, which is that the origin server just uses data it was sent for other purposes. "observer" implies a passive observer separate from the main attacker. 
Received on Monday, 19 August 2013 22:43:18 UTC

This archive was generated by hypermail 2.3.1 : Monday, 19 August 2013 22:43:18 UTC