W3C home > Mailing lists > Public > public-web-perf@w3.org > April 2013

[Error Logging] Privacy of error log versus LocalStorage

From: Aaron Heady (BING) <aheady@microsoft.com>
Date: Wed, 10 Apr 2013 16:03:33 +0000
To: "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <b764d1215ed943aa96ec8724f97d8db1@BLUPR03MB067.namprd03.prod.outlook.com>
After talking last week about Error Logging and possibly security issues with tracking resource requests across sessions we decided to break the logging up into Current (page + resources) and History (just page) logs. This was to mitigate the opportunity to use error logging data as a pseudo cookie replacement to track users. I wanted to discuss an (ugly) method to still attempt to track users and see if it really is a problem, or just an extension of existing issues already covered with LocalStorage. 

---
Possible scenario to use error logging to track a browser:

Given a site (www.example.com) that sets a UserID=1234 value to track users. They would prefer to use cookies and when that works there isn't anything special. However, when cookies are disabled the site tries to use error logging to store the UserID for reliable recover later. To do this they could open a popup window while the user is browsing. The document address of that window would be www.example.com/storeid.php?UserID=1234. The servers that host example.com always return a HTTP 500 for the storied.php page. So the popup would return an error (ignored by the user) and add a log entry for www.example.com/storeid.php?UserID=1234 into error logging. That entry could be there essentially permanently and would act as a crumb of data identifying the user on future requests even though they disabled cookies. 
---

I'm not sure how (if at all) error logging differs from accessing data stored previously in LocalStorage for a given domain. I envision error logs being stored in essentially a LocalStorage clone, so if I could store a UserID in LocalStorage, then it would be equivalent to using an error log to do the same. So far it looks like error logging data is a per browser storage, not per user. So a UserID stored in error logging or LocalStorage could come from any user on the system, but it still would be a stable ID for that browser, just not specific users. 

If there isn't a concern about tracking people through LocalStorage then I don't think there should be a concern about tracking people with errorlogging. We just need to abide by the same rules as LocalStorage and cookies and disable/clear errors when cookies are disabled or deleted, history purged, etc. That aligns it with other data storage rules about browsing history/privacy and has a clean & consistent experience for consumers. 


Aaron
Received on Wednesday, 10 April 2013 16:05:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:35 UTC