W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: [perpass] HTTP user-agent fingerprinting

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 13 Sep 2013 13:51:44 -0700
Message-ID: <CABkgnnXLjaFn=GPV-3U8QwKqhoMoYV7Tf5UPhYbWbvjuaC0pHA@mail.gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Patrick Pelletier <code@funwithsoftware.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, HTTP Working Group <ietf-http-wg@w3.org>, perpass@ietf.org
On 13 September 2013 13:26, Roy T. Fielding <fielding@gbiv.com> wrote:
> In any case, the primary source for fingerprinting information
> in browsers is the DOM interfaces, and I've seen very little to
> suggest that browser developers are willing to remove them.

Speaking as someone actively involved in expanding the browser
fingerprinting surface, the DOM is definitely where the worst
fingerprinting problems exist.

That's not to say that the right response is to throw our hands up and
say "the Chinese are doing nothing about climate change, why should we
suffer hardship?"  Putting the fact that the premise is completely
wrong aside for a moment, there are things that can be done.  On the
down side, we're not really the right group to do it.  On the up side,
the browsers - who are the right people - already are doing something.

There aren't that many browsers in wide use.  Most of those
automatically update.  The number of fingerprinting bits available
from User-Agent if you use one of these browsers is actually very low.
 The value derived from those bits is simultaneously diminishing as
more capability detection moves to the DOM.

It may be that at some future point, the value of User-Agent
diminishes to the point that browsers will cease sending it (or they
will all send the same thing).  At which point it contains zero bits
of fingerprint entropy.  For the moment, it's still very useful in
some contexts, particularly mobile, so I suspect that it would very
hard to go cold turkey.
Received on Friday, 13 September 2013 20:52:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC