Re: Super Cookies in Privacy Browsing mode

From: Rigo Wenning <rigo@w3.org>
Date: Tue, 20 Jan 2015 10:42:08 +0100
To: David Singer <singer@apple.com>
Cc: public-privacy@w3.org
Message-ID: <3419872.p083dsucQo@hegel>
On Monday 19 January 2015 16:01:07 David Singer wrote:
> >> But that’s not what it is.  It is NOT asking “don’t profile” it’s asking
> >> “segregate records”.
> > 
> > This is much better done on the client side.
> 
> I fail to see how I can segregate Google’s history of me, solely on the
> client side.

By giving Google a different identity when shopping gifts. This is done using 
another login/cookie/ID. Ok, they theoretically can correlate you via the IP 
address, but doing so would be clearly abusive. 
> 
> Private Browsing DOES this on the client side;  I am exploring conveying
> this to the servers as an addition.

Private browsing is just ONE persona you're offering. In real life I see my 
kids using at least 3-5 personae while surfing. They do so by remembering in 
their head because browsers are too dumb to support them conveniently. It just 
doesn't make ad-money to help kids and people segregate their roles online. 
And of course, I'm a little too enthusiastic after over 8 years of research in 
that area.  

> >> OK, I don’t mind a general statement of “we support this feature”, and
> >> you
> >> can make this machine-readable if you think it’ll result in any action by
> >> the UA.  I rather suspect that having it human-readable is enough, that’s
> >> all.
> > 
> > If only the UA would remember where somebody said he would follow and
> > didn't and we could use the feedback as evidence.
> 
> sure, that’s part of the DNT well-known resource motivation.

and I fought for it as long as I was able to. At times nobody cared... It is 
more important than people think it is. 
> 
> > Secondly, you have to define what "segregation" means. If it just means
> > that my website is less stupid so that your wife won't find out about the
> > gifts you ordered online, then this is rather intelligent web design than
> > a new feature. All you need is stateful interaction.
> 
> well, I roughly agree.  Not sure what you mean by the last, 

stateful means that they know that this is still the same visitor. This means 
they can attach "forget after this session" to whatever trace they collect. 

> but in general,
> they promise that your activity in one persona will not affect what is
> visible in another, except that they may initialize named persona from the
> anonymous one.

While shopping, you're not anonymous anyway. I even would say that without 
using Tor you're not anonymous. But nobody wants to be anonymous. I just don't 
want to be confronted with my surfing habits from 1995. 

> > In times when ugly cookie - banners trump smart technology like DNT,
> > you'll
> > have to offer an added value (legal certainty) in order to get anything.
> > And I also think that hardcoding the personae into the one use case is
> > too little.
> I am not sure a nice ask, that’s not about tracking/secrecy but about being
> nice in linking data, needs legal backing.

If it wouldn't we would have a different discussion. Linking those traces is 
true money. And the Zeitgeist is to disrespect you even without money. The 
challenge is to exploit the unknown click-sheep the best one can. As I said, 
DNT would have been done long ago, had it allowed continued linking that isn't 
just shown to the user. But as long as the links are there, they will occur 
inadvertently with gifts for your wife. Because you would need two personae to 
avoid it. And here we are back. Instead of doing that server side, it is much 
smarter to do that client side. In the seventies, data protection was also 
about smarter computing. Here we go again. 

> >> 
> >> Cookies are useless here; cookies are specific to a domain, and this
> >> request is quite general.  One would need infinite numbers of cookies.
> > 
> > Why? We already have an infinite number of cookies (have you looked? :)
> 
> Because I am asking every server I visit, whether or not visited before.
> Cookies are set by the servers, and have a syntax that is specific to each
> server.

You seem to want a general statement of the type: Don't be so stupid to reveal 
the gifts I've bought with stupid those-who-bought-this-also-bought-that 
statements. Do we really need an http-header for that? And how do you switch?
In fact, what you want is a mode saying: "Hey, this should not be added to my 
profile if you respect me." Again, we are in personae. You could switch DNT on 
and off to do the same. Ok, we have middle states where I still want my 
fidelity points for the gift I bought but I don't want this to be revealed. 
This is a persona in the middle between track me and do not track me. 

And this is why Matthias wanted to have more states, but then turned the 
protocol so that a service could offer certain roles and you could choose with 
a signal. And of course, the most basic thing would be to define a simple role 
and have human-readable endorsement. The most simple of those actually is Do 
not track IMHO.

 --Rigo 
Received on Tuesday, 20 January 2015 09:42:19 UTC
