- From: Appelquist, Daniel, VF-Group <Daniel.Appelquist@vodafone.com>
- Date: Thu, 23 Sep 2010 14:05:38 +0200
- To: "tag" <www-tag@w3.org>
- Cc: "Oracle" <ashok.malhotra@oracle.com>, "Noah Mendelsohn" <nrm@arcanedomain.com>
- Message-ID: <C8BFFA85.14352%daniel.appelquist@vodafone.com>
This is diabolical. It should be a wake-up call to us on Web privacy. Considering that many of the options listed are ³part of HTML5,² Iım most worried that HTML5 could become associated with a lack of privacy. If anything, the reverse should be true: we (w3c & web standards community) should work to ensure that the HTML5 ³brand² stands for _enhanced_ privacy. Dan On 22/09/2010 09:49, "Noah Mendelsohn" <nrm@arcanedomain.com> wrote: > Following up on [1], I note this [2]: > > " evercookie is a javascript API available that produces > extremely persistent cookies in a browser. Its goal > is to identify a client even after they've removed standard > cookies, Flash cookies (Local Shared Objects or LSOs), and > others. > > evercookie accomplishes this by storing the cookie data in > several types of storage mechanisms that are available on > the local browser. Additionally, if evercookie has found the > user has removed any of the types of cookies in question, it > recreates them using each mechanism available. > > Specifically, when creating a new cookie, it uses the > following storage mechanisms when available: > - Standard HTTP Cookies > - Local Shared Objects (Flash Cookies) > - Storing cookies in RGB values of auto-generated, force-cached > PNGs using HTML5 Canvas tag to read pixels (cookies) back out > - Storing cookies in Web History (seriously. see FAQ) > - HTML5 Session Storage > - HTML5 Local Storage > - HTML5 Global Storage > - HTML5 Database Storage via SQLite" > > Noah > > > [1] http://lists.w3.org/Archives/Public/www-tag/2010Sep/0029.html > [2] http://samy.pl/evercookie/ > >
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Thursday, 23 September 2010 12:06:14 UTC