Re: Canvas fingerprinting

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 22 Jul 2014 09:24:31 +0200
To: David Singer <singer@apple.com>
Cc: Mike O'Neill <michael.oneill@baycloud.com>, public-privacy@w3.org
Message-ID: <3996162.sR0nkaYqJn@hegel.sophia.w3.org>

On Monday 21 July 2014 15:46:35 David Singer wrote:
> I don’t disagree with needing a meaningful DNT, but I also think we
> need to think of other ways we can assist/improve online privacy,
> that are not DNT.

What about not exposing your local fonts and using WOFF instead? For the 
moment, for security and for privacy, same origin means a fully trusted 
relation. (You remember that I think of the distinction between 
first/third party in DNT as the biggest mistake since sliced bread.)

There is far too little thinking about rogue servers that access the 
browser within the same origin. The only thinking is about gaining 
access to the client machine. But this is better done with phishing 
email or some such worm. The hacking of the client side from the server 
side is rather to get information without being transparent about it. In 
the name of security, reliability, debugging, delivery, etc., all available
info is stored and then re-used for something else => big data.

I think the necessity and relation to functionality of browser 
information exposure could be a good topic for research before going
to Working Group and production. But it would need the willingness of
browser makers to participate in that research. Because in the past, I 
haven't seen much good cooperation between privacy researchers on one 
side and browser developers on the other side. The climate is better now 
than it was in the past. 

 --Rigo
Received on Tuesday, 22 July 2014 07:25:05 UTC