Re: indicating 'private browsing mode' over the net (was Re: Super Cookies in Privacy Browsing mode)

From: Rigo Wenning <rigo@w3.org>
Date: Thu, 29 Jan 2015 20:43:18 +0100
To: David Singer <singer@apple.com>, "public-privacy mailing list) (W3C" <public-privacy@w3.org>
Message-ID: <3365337.JUs1KWAQoG@hegel>
trimming the cc - list..

On Thursday 29 January 2015 19:24:45 David Singer wrote:
> > It would have to include all the servers being accessed, third-parties
> > also. I think David's header would be seen by all of them, and it would only
> > take one to ignore the contextual boundaries, decide to combine multiple
> > personas with other data in a PII keyed database, then broadcast it to
> > the world (and UA based UUIDs are far more reliably user-identifying than
> > IP addresses which are usually ephemeral and non-unique). 
> True, but don’t forget we’re coming from a state where the servers don’t
> even know of the desire.  I don’t mind machine-based discoverability, but
> it’s tricky to work out how to include transparent proxies and caches in
> that.

Now comes the feedback again that I mentioned earlier. On a typical site, 
there are up to 200 trackers and more. If you have a feedback mechanism, you 
know who is making promises and who is not. The machine can work that out 
while it would be overkill for the end-user. In case the feedback is that my 
request won't be honored, my browser can simply block that GET request, or 
fool the server or be creative by sending them the cookie from last year, 
or....

 --Rigo

Received on Thursday, 29 January 2015 19:43:31 UTC
