W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2014

Re: Canvas fingerprinting

From: Georg Koppen <gk@torproject.org>
Date: Wed, 23 Jul 2014 15:22:36 +0000
Message-ID: <53CFD33C.1020603@torproject.org>
To: public-privacy@w3.org
Mike O'Neill:
> If the response to canvas and other forms of fingerprinting is an arms-race
> with browsers and their extensions, the web will turned into a war zone and
> be ruined for everybody.
> 
> This is why we need a meaningful DNT that people trust.

No, DNT will not help. See the FPDetective paper
https://www.cosic.esat.kuleuven.be/publications/article-2334.pdf and
there especially section 7.3.

Fingerprinting is more and more framed in the context of fraud detection
and prevention of abuse. Thus, it is getting more and more common to
ignore DNT because fingerprinting is not used (or at least it is claimed
so) to track users i.e. to invade their privacy. Rather, it is all about
devices and end users' quality of service (that's at least the story
those companies are trying to sell).

Georg

>> -----Original Message-----
>> From: Rigo Wenning [mailto:rigo@w3.org]
>> Sent: 21 July 2014 17:43
>> To: public-privacy@w3.org
>> Subject: Canvas fingerprinting
>>
>> https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html
>>
>> There was a lot of discussion around canvas and whether it was the right
>> choice. It may also be the right choice for browser to give users the
>> option to turn all those nice new features off if they do not want to be
>> spied upon. To what extend do browsers trust the origin? I think we are
>> in a field with lots of shades of gray.
>>
>> Otherwise we are left surfing the Web with Amaya if we want privacy.
>> Amaya knows no cookies, no javascript, no canvas. This can turn into an
>> advantage..
>>
>>  --Rigo
> 
> 
> 
> 



Received on Friday, 25 July 2014 11:35:12 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:57 UTC