W3C home > Mailing lists > Public > public-webcrypto@w3.org > November 2012

Re: Rethinking KeyStorage

From: Seetharama Rao Durbha <S.Durbha@cablelabs.com>
Date: Wed, 7 Nov 2012 17:10:16 -0700
To: Ryan Sleevi <sleevi@google.com>, Mark Watson <watsonm@netflix.com>
CC: David Dahl <ddahl@mozilla.com>, public-webcrypto <public-webcrypto@w3.org>, Arun Ranganathan <arun@mozilla.com>, Harry Halpin <hhalpin@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "runnegar@isoc.org" <runnegar@isoc.org>
Message-ID: <CCC04379.79F1%s.durbha@cablelabs.com>
On 11/7/12 4:43 PM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote:

I appreciate you pointing out that "pre-provisioned device key" is
effectively identical (regarding security and tracking concerns) to a
"device serial number", since it may help participants better
understand the real privacy risks being proposed here.

[1] http://www.theverge.com/2012/3/25/2900787/apple-rejects-UDID-apps
[2] http://www.businessinsider.com/everything-we-know-about-ifa-and-tracking-in-apples-ios-6-2012-10

I think a certain perspective is being lost here.
Firstly, device finger-printing is already being used - by third-party cookies that users do not even know about, and by DRM clients that necessarily have to finger-print the device (flash cookies !!), among others. So, I do not understand why there is so much talk about privacy  particularly when the requirement is that the user grant permission to use that key. Mark is right  it is a user's choice. It is a necessary information for the service to be provided.

Mark is also right that privacy is a business issue, not a technology issue.
Received on Thursday, 8 November 2012 00:11:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC