Re: Rethinking KeyStorage

• From: Mark Watson <watsonm@netflix.com>
• Date: Thu, 8 Nov 2012 02:05:09 +0000
• To: Ryan Sleevi <sleevi@google.com>
• CC: David Dahl <ddahl@mozilla.com>, public-webcrypto <public-webcrypto@w3.org>, Arun Ranganathan <arun@mozilla.com>, Harry Halpin <hhalpin@w3.org>, "<public-privacy@w3.org>" <public-privacy@w3.org>, "<runnegar@isoc.org>" <runnegar@isoc.org>
• Message-ID: <FAD6F599-D09B-4450-8D03-95BCBBEAE0C1@netflix.com>

On Nov 7, 2012, at 3:43 PM, Ryan Sleevi wrote:

> Given the number of concerns - both technical and legal - that exist
> with "device serial numbers" - eg: [1] [2] - I think it's reasonable
> to raise concerns about whether the W3C should be encouraging (or
> standardizing) the development of web applications and services that
> rely on such features.

You're welcome to raise that question in the appropriate forum (I'm not sure it's this one). Please tell me if you do so that I can respond. We had a similar debate when considering whether to begin work on the Encrypted Media Extensions in the HTML group, though I don't see much of a parallel in the subject matter here. W3C is certainly entitled, as an organization, to decide that the web platform should not support a particular set of commercial services. I for one would welcome a clear answer.

> 
> I appreciate you pointing out that "pre-provisioned device key" is
> effectively identical (regarding security and tracking concerns) to a
> "device serial number", since it may help participants better
> understand the real privacy risks being proposed here.

Just to be clear, we're talking about origin-specific keys/identifiers here, but yes the distinction between a key vs identifier is not important when considering the privacy implications.

> 
> [1] http://www.theverge.com/2012/3/25/2900787/apple-rejects-UDID-apps
> [2] http://www.businessinsider.com/everything-we-know-about-ifa-and-tracking-in-apples-ios-6-2012-10

I have no argument with the content of these articles. [1] points out the evils of an origin-independent, non-user-controllable device identifier. I completely agree.

[2] explains how Apple are migrating from that to something more transparent, putting users in control. That's a step forward and I'm proposing essentially the same thing. It's not clear if Apple's IFA is origin-specific. but that is another improvement, in my view.

You can certainly conclude from these and other articles on this topic that transparency and user control are important. I agree, Indeed, by "standardizing" a common approach for all iOS apps, Apple can give users a common settings panel to exercise this control. That's an improvement over every app doing their own implementation-specific opaque-to-users thing.

I don't think you can conclude from the articles that such identities are universally evil (as you seem to). A web in which ad targeting was impossible would be a pale reflection of what we have today: some people actually click on those ads and thereby pay the salaries of many people developing new and innovative applications. Including, perhaps, some people on this list ;-)

Please note, though, that my proposals are targeted at keys that are pre-provisioned for specific origins, not a general capability to provide such keys to any origin (though someone could certainly build that).

…Mark

Received on Thursday, 8 November 2012 02:05:46 UTC