On Mon, Sep 14, 2015 at 1:08 PM, Rigo Wenning <rigo@w3.org> wrote: > > thanks for the cross-linking. The same argumentation has already be used > during the rechartering of the WebCrypto Group. The privacy argument used > by > people from one of the largest origins is funny at best. If I use my token > with A and I use my token with B, A and B have to communicate to find out > that > I used them both. > For precision's sake: FIDO's model for U2F tokens is that A and B cannot determine from their U2F-derived information that the same token was used to create an account with A and and account with B, even if A and B collude to try to determine this. If I use my super large origin to have analytics here and advertisement > there > and social networking over there, all the identified data is collected by > the > super same origin. This makes the privacy argument in this discussion so > interesting. Especially as it gives the big players that are already close > to > monopoly yet another competitive advantage. > This is a similar argument to the one Andreas Gal made when arguing that Google's push for HTTPS was actually a way of shutting out competitors from obtaining user search queries/responses. http://andreasgal.com/2015/03/30/data-is-at-the-heart-of-search-but-who-has-access-to-it/ It's a dynamic worth understanding, and I'm thankful Andreas wrote this post, but it doesn't follow that HTTPS is bad for users, bad for competition, or that Google's staff are arguing for HTTPS in bad faith. -- Eric -- konklone.com | @konklone <https://twitter.com/konklone>
Received on Tuesday, 15 September 2015 04:07:29 UTC