- From: Rigo Wenning <rigo@w3.org>
- Date: Tue, 22 Jul 2014 09:24:31 +0200
- To: David Singer <singer@apple.com>
- Cc: Mike O'Neill <michael.oneill@baycloud.com>, public-privacy@w3.org
On Monday 21 July 2014 15:46:35 David Singer wrote: > I don’t disagree with needing a meaningful DNT, but I also think we > need to think of other ways we can assist/improve online privacy, > that are not DNT. What about not exposing your local fonts and using WOFF instead? For the moment, for security and for privacy, same origin means a fully trusted relation. (You remember that I think of the distinction between first/third party in DNT as the biggest mistake since sliced bread) There is far too little thinking about rogue servers that access the browser within the same origin. The only thinking is about gaining access to the client machine. But this is better done with phishing email or some such worm. The hacking of the client side from the server side is rather to get information without being transparent about it. In the name of security, reliability, debugging, delivery etc all available info is stored and then re-used for something else =>big data. I think the necessity and relation to functionality of browser information exposure could be a good topic for research before going Working Group and production. But it would need the willingness of browser makers to participate in that research. Because in the past, I haven't seen much good cooperation between privacy researchers on one side and browser developers on the other side. The climate is better now than it was in the past. --Rigo
Received on Tuesday, 22 July 2014 07:25:05 UTC