Re: Privacy concerns with entity tags from Carl von Loesch on 1996-06-13 (ietf-http-wg@w3.org from April to June 1996)

From: Carl von Loesch <c@rlos.pages.de>
Date: Thu, 13 Jun 1996 19:23:24 +0200 (MET DST)
To: Larry Masinter <masinter@parc.xerox.com>
Cc: c@rlos.pages.de, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <199606131723.TAA09425@tango.mikro.biologie.tu-muenchen.de>

Larry Masinter typeth:
| connect?"). The kind of user tracking that you're suggesting could
| even be enhanced today in HTTP/1.0 by fiddling with the low order bits
| of the Last-Modified date. 

I'm feeling warmly terrified.
I guess there's nothing we can do then.
 
| Given that almost all browsers have separate IP connectivity, it is
| actually the IP address of the requestor that is the most significant
| "privacy vulnerability"; the only defense is the aggregation of
| multiple users behind proxies where the proxy does not forward the
| identity of the requestor. 

I have always been using proxy servers also for that purpose.
In Munich for instance about 3 universities all share one big
cache server. You cannot trace back people when you get a
request from such a proxy. And luckily, even if one manages to
do that marking of cache-validators, he will only get a more
precise idea of the number of people and their click trails, but
still not get the actual host or user name.

Guess I've been too paranoid while reading the specs.	;-)

| although I would imagine many browsers would systematically delete all
| "cache-control: private" entries systematically (perhaps as a

That would be too late, as the proxy cache is no longer serving the
data to other users, which is what a tracking-site would want to avoid.
But nevermind.

| I could imagine lengthening our already lengthy "Security
| Considerations" section to point out this privacy concerns. However,

In this case it would just read like an instruction booklet on how
to improve user tracking..

| the alternative you offer (MD5-digest as entity tag) was considered
| but not taken seriously because of the difficulty of constructing them
| and validating them for entities that are constructed on the fly.

Oh that's sad.. I like the idea of checking consistency and validating
at once, but I can see the point.


Well then I'm done and wish everyone good luck with
the departure of HTTP/1.1!	:^)


My Regards, Carl
-- 
	____				_______
 mailto:LynX@impACT.pages.de	    irc:symLynX		   http://my.pages.de/
 mailto:LynX@you.might.aswell.use.this.as.my.mail.address.no.kidding.pages.dE

Received on Thursday, 13 June 1996 10:33:03 UTC