W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Logging out from Facebook

From: John Kemp <john@jkemp.net>
Date: Mon, 26 Sep 2011 17:56:01 -0400
Cc: "www-tag@w3.org List" <www-tag@w3.org>
Message-Id: <2A0467A0-926F-4E43-8874-F4C07F9EB680@jkemp.net>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
On Sep 26, 2011, at 4:36 PM, Bjoern Hoehrmann wrote:

> * John Kemp wrote:
>> How does the site know who the *user* is, if the user is not logged-in?
>> Yes, I understand that the preferred locale of an unidentified user is
>> important information in presenting a webpage that works for the user.
>> But if the user is not logged-in, the site should only assume that a
>> user who desires locale X is visiting their site. 
> 
> It would "know" by instructing the user's browser to retain identifying
> information, or by guessing based on the IP address and User-Agent, or
> any number of other things. Note that the preferred locale combined with
> IP address and user agent information can in fact identify individuals
> if the preference is reasonably unusual for a given address range. So I
> am not sure keeping the preferred locale is fair game when keeping the
> semi-unique identity (it's not really unique, the user may have signed
> out for instance to let someone else use the browser) is not.

Yes exactly. keeping per-user-session preferences should not be done when a user has explicitly logged out. It is no wonder that people are shocked when they find out they are still being tracked by a site after they have clicked 'logout'! And it is perfectly possible for a site to effectively log the user out from that site with technology that exists today. 

> 
>> I don't expect that I can be tracked across the Web by means of some
>> state maintained by my browser to record my preferred locale, for
>> example. Such information may (and should) be sent to all sites, and
>> thus is probably not best recorded as a cookie or other origin-related
>> piece of information. 
> 
> I stopped specifying language preferences using Accept-Language when it
> became common to let machines do the localization and to mix content in
> one language with a user interface in a different language. It depends
> on the site which language I'd prefer as localization quality varies.

Right - and if you care enough about both the site and the language, then you'd probably create an account and login to that account and use the language you want to on a per-site basis?

> I
> also would prefer to get the Mooring version when it is available, but
> that is a dialect in a language family with under 10000 speakers on the
> planet, so I cannot specify this if I don't want to be tracked easily.

Indeed - you are persuaded to either lie or to not declare your preference at all because of the worry of being tracked. 

Regards,

- John

> -- 
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
> 
Received on Monday, 26 September 2011 21:56:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT