- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Fri, 28 Aug 2015 15:13:00 -0400
- To: David Singer <singer@apple.com>
- Cc: Nicholas Doty <npdoty@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
That's a good point, we should check to see if there is a warning about overly-precise API elements and add that if not. Nick, holler if you want text! best, Joe On Thu, Aug 27, 2015 at 11:24 PM, David Singer <singer@apple.com> wrote: > Does this draft need to mention avoidance of enabling fingerprinting by excessive precision of an otherwise ‘innocuous’ API? (E.g. I can differentiate batteries, and hence distinct visitors, by looking at precise measurements of batteries). > > >> On Aug 27, 2015, at 22:54 , Joseph Lorenzo Hall <joe@cdt.org> wrote: >> >> It would be great to start the process to publish this as a draft PING note! The new changes look awesome, Nick. >> >> There are still some outstanding things in the document; those are ok for a draft note or do we need to try to close them out before we publish? >> >> The note in 1.2.1 seems to be dealt with by adding a blurb about how this is not distinct from unexpected correlation (although why 1.2.2 is not enough, I don't know) and clarifying that this practice can result in collapsing pseudonymous identities into linked personas or something like that. >> >> We should definitely reach out to the HTML WG to ask if the fingerprint warning indicia has been useful or helpful. >> >> I don't think I understand ISSUE 1... can we say anything about best practices across UA implementations that might require cooperation outside of the spec? >> >> >> >> On Sun, Aug 23, 2015 at 9:58 PM, Nick Doty <npdoty@w3.org> wrote: >> I've revised the Fingerprinting Guidance for Web Specification Authors text, responding as best I can to comments from the TAG, the Tor Browser folks and other comments via mailing list. >> >> http://w3c.github.io/fingerprinting-guidance/ >> >> Changes in particular include: >> * moving feasibility question up earlier, emphasizing realism/pessimism >> * clarifying some of the best practices, regarding unnecessary additions to fingerprinting surface >> * additional examples and references (in particular, to the TAG finding on unsanctioned tracking) >> * filling in to-do sections (and marking remaining ones with issue boxes) >> >> To clarify the status of this document and to gather wider review, I think it would be useful to publish this as a draft Interest Group Note. As a Process matter, that would consist of: the Interest Group deciding we want to publish it as an Interest Group Note; getting confirmation from the domain lead that we can use this name/shortname; publishing a snapshot on w3.org indicating its status as a draft Note; asking chairs and other groups for feedback. >> >> And in any case, I'd welcome further feedback, additions, subtractions and the like. I get the impression that specific examples from different specs/Working Groups would be the most welcome addition. >> >> Thanks, >> Nick >> >> >> >> -- >> Joseph Lorenzo Hall >> Chief Technologist >> Center for Democracy & Technology >> 1634 I ST NW STE 1100 >> Washington DC 20006-4011 >> (p) 202-407-8825 >> (f) 202-637-0968 >> joe@cdt.org >> PGP: https://josephhall.org/gpg-key >> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 >> >> > > David Singer > Manager, Software Standards, Apple Inc. > -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
Received on Friday, 28 August 2015 19:13:48 UTC