
Re: Our new report on tracking headers / W3C

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 19 Aug 2015 17:36:36 +1000
Cc: www-tag@w3.org
Message-Id: <486B0D8C-CE33-4468-8BB9-15AF71EF8FD1@mnot.net>
To: Deji Olukotun <deji@accessnow.org>

Hi Deji,

Thanks for that; this is very interesting and timely. 

You might be interested in looking at the ongoing discussion in the IETF about adding transport-level metadata; e.g., in SPUD, that would be available even for TLS connections.

 https://tools.ietf.org/html/draft-trammell-spud-req-00
 https://github.com/hildjj/draft-hildebrand-spud-prototype/blob/master/draft-hildebrand-spud-prototype.md

Cheers,



> On 18 Aug 2015, at 3:44 am, Deji Olukotun <deji@accessnow.org> wrote:
> 
> Hi -
> 
> Thought this might interest you, given the TAG's statement on July 17 on tracking headers and other privacy-related matters.
> 
> You may remember last year's story on Verizon's use of "supercookies" to track users. In the wake, Access launched AmIBeingTracked.com to allow users to see if the supercookie was being used on their network. 
> 
> Today, we have released a report on our findings. The report was covered by the Wall Street Journal: http://blogs.wsj.com/digits/2015/08/17/study-finds-supercookies-used-outside-u-s/.
> 
> Our report found alarming results, among them: 
> 	• Evidence of widespread deployment. Carriers in 10 countries around the world, including Canada, China, India, Mexico, Morocco, Peru, the Netherlands, Spain, the United States, and Venezuela, are using tracking headers;
> 	• Tracking headers have been around for nearly 15 years; 
> 	• Users cannot block tracking headers because they are injected by carriers beyond their control, and they can attach to users even when roaming across international borders; 
> 	• Tracking headers leak private information about users and make them vulnerable to criminal attacks or even government surveillance; 
> 	• Tracking headers depend upon an HTTP, or unencrypted connection, to function, and may lead to fewer websites offering HTTPS.
> The full report is available here. 
> 
> Feel free to write with questions.
> -- 
> Deji Olukotun
> Senior Global Advocacy Manager
> Access | accessnow.org
> 
> tel: +1 415-935-4572 | @dejiridoo
> PGP: 0x6012CDA8
> Fingerprint: 3AEE 4194 F70E C806 A810 857A 6AD5 8F48 6012 CDA8
> 
> Subscribe to our free weekly newsletter on digital rights, the Access Express: accessnow.org/express

--
Mark Nottingham   https://www.mnot.net/
Received on Wednesday, 19 August 2015 07:37:09 UTC
