W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Logging out from Facebook

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 26 Sep 2011 22:36:05 +0200
To: John Kemp <john@jkemp.net>
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-ID: <2ri187phq2ginm1hiidurejcrua5vpvo8j@hive.bjoern.hoehrmann.de>
* John Kemp wrote:
>How does the site know who the *user* is, if the user is not logged-in?
>Yes, I understand that the preferred locale of an unidentified user is
>important information in presenting a webpage that works for the user.
>But if the user is not logged-in, the site should only assume that a
>user who desires locale X is visiting their site. 

It would "know" by instructing the user's browser to retain identifying
information, or by guessing based on the IP address and User-Agent, or
any number of other things. Note that the preferred locale combined with
IP address and user agent information can in fact identify individuals
if the preference is reasonably unusual for a given address range. So I
am not sure keeping the preferred locale is fair game when keeping the
semi-unique identity (it's not really unique, the user may have signed
out for instance to let someone else use the browser) is not.

>I don't expect that I can be tracked across the Web by means of some
>state maintained by my browser to record my preferred locale, for
>example. Such information may (and should) be sent to all sites, and
>thus is probably not best recorded as a cookie or other origin-related
>piece of information. 

I stopped specifying language preferences using Accept-Language when it
became common to let machines do the localization and to mix content in
one language with a user interface in a different language. It depends
on the site which language I'd prefer as localization quality varies. I
also would prefer to get the Mooring version when it is available, but
that is a dialect in a language family with under 10000 speakers on the
planet, so I cannot specify this if I don't want to be tracked easily.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 26 September 2011 20:36:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT