Re: 'persona', indicating 'private browsing mode' over the net

From: イアンフェッティ <ifette@google.com>
Date: Tue, 3 Mar 2015 15:20:15 -0800
Message-ID: <CAF4kx8dAYLwNX5GesxjUUDp+bhDEtt7y4G=juDqQSQbmLFFyJw@mail.gmail.com>
To: David Singer <singer@apple.com>
Cc: Joseph Lorenzo Hall <joe@cdt.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>

What you're asking for is quite a bit in that case. Netflix has a notion of
"personas" when I sign in. It asks me "Is this Ian watching or someone
else". So, in theory it ought to be able to hook up to such a mechanism as
you describe. But you're asking every other site to build in something like
that -- the household Amazon Prime account becomes "John's purchases" and
"Jane's purchases". Or the kid-at-college's purchases. That's a rather
large ask for a lot of sites...

2015-03-03 14:46 GMT-08:00 David Singer <singer@apple.com>:

>
> > On Mar 3, 2015, at 14:40 , Ian Fette (イアンフェッティ) <ifette@google.com>
> wrote:
> >
> > The problems with scoped identifiers are (at least):
> > a) defining what they are scoped by.  ‘The user you think it is from
> some other information, if any’ is not very good standards-writing.
> >
> > Well, it could be origin-scoped :)
> >
> > b) if it’s scoped by the machine, you can’t carry on searching for your
> SO’s birthday present from your phone (on the go) to your laptop (at home)
> >
> > What else would it be scoped by? If you have a named profile for the
> user that's not transient, why do you need any of this? Named profiles in
> Chrome (and other browsers AFAIK) keep separate cookie jars, and I'm not
> really sure what this buys us over separate cookie jars. Asking e.g. ads
> servers to keep data separate (even when it's coming from the same IP and
> fingerprintable data) based on a different "persona" seems like a bit of a
> DNT-sized task :) Asking other sites to build new infrastructure based on
> personas seems a lot more complicated than saying "we'll keep the cookies
> separate for different personas" and letting people carry on.
>
> If you keep the cookies separate, then either I can’t buy my wife’s
> birthday present using my account, or I can, and the illusion of separation
> evaporates.  The deal is no longer “you know it’s me but you agree to keep
> records segregated” but “I am going to try to pretend to be somebody else,
> but if you work out it’s me or I reveal it, the separation evaporates”.
>
>
> David Singer
> Manager, Software Standards, Apple Inc.
>
>
Received on Tuesday, 3 March 2015 23:20:42 UTC
