W3C home > Mailing lists > Public > public-webcrypto@w3.org > November 2012

Re: Unique identifiers and WebCrypto

From: Wan-Teh Chang <wtc@google.com>
Date: Thu, 8 Nov 2012 11:34:13 -0800
Message-ID: <CALTJjxE8qCotRmTh7CkyniUmBWsMETm=j8EEQDOfxbhLrgRPqA@mail.gmail.com>
To: Mark Watson <watsonm@netflix.com>
Cc: Thomas Hardjono <hardjono@mit.edu>, Seetharama Rao Durbha <S.Durbha@cablelabs.com>, "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
On Thu, Nov 8, 2012 at 11:27 AM, Mark Watson <watsonm@netflix.com> wrote:
>
> My objective with the feature in question here is that the privacy
> implications be no worse than (and hopefully better than) cookies
> and web storage. One aspect in which the situation is better is
> that users have very little idea what a site will use cookies and
> web storage for when they give permission. Giving a site
> permission to access an (origin-specific) device identifier is
> arguably easier to understand.

If I understand it correctly, the perceived problem with an origin-specific
device identifier is that it is "read only" and cannot be deleted by the
user.

On the other hand, the user can effectively change the device identifier
by getting a new device, whereas an (origin-specific) user identifier,
such as my Yahoo Mail account and Amazon.com account, usually
last much longer than the lifetime of a device. So it's not clear to me
if a device identifier has more serious privacy issues.

Wan-Teh
Received on Thursday, 8 November 2012 19:34:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC