Improved Client Identification from Sanel Mesinovic on 2015-02-20 (ietf-http-wg@w3.org from January to March 2015)

From: Sanel Mesinovic <sanel.mesinovic@ymc.ch>
Date: Fri, 20 Feb 2015 15:36:14 +0000
To: ietf-http-wg@w3.org
Message-ID: <CADP4zhFON3u03kYfL2iYhhOoZ91LoLkcNamphFKniba2YdmugA@mail.gmail.com>

Hello,

I found your email address here <https://httpwg.github.io/about/policies/>.
Have one small contribution / request to make to the new HTTP 2 protocol.
Already wrote an email long time ago to Tim Berners Lee however no reply.
Maybe someone already during this time already raised the issue.

In my opinion the new protocol should introduce a better way to uniquely
identify the client. Currently it is not possible to uniquely identify a
user. IP identification is not reliable. There can be two or more users
behind the same IP. Session identification is even worse.

There are many advantages of using better identification:

a.) web analytics could track unique visitors per time period much more
accurately
b.) tracking user activity in apps e.g. not allowing the same user to like
the page if he has already clicked the Like / Vote button
c.) law enforcement could much easier prove who was the culprit behind the
criminal activity
d.) other reasons

In my vision the protocol should allow the server side to ask or the client
side to send the system data to the server. There could be two scenarios:

1.) The server could specify that the browser must provide the UNIQUE DATA
2.) The client could send the UNIQUE DATA by using javascript.

The definition of what is UNIQUE DATA could be:

a.) hardware component serial numbers but it might be too invasive e.g. HDD
= *5QE0RCHD* , MAC address = *01:23:45:67:89:ab*
b.) an agreed hash over serial numbers of the hardware components e.g. MAC
+ HDD  e.g. MD5 / SHA1 => *bb137c684f8a89e77ad09c101ec07ade*
c.) other solution

The suggestion does not have to use HDD or MAC address. Could be a
combination of more or other hardware components.

The unique data transmitted to the server could be stored in a newly
defined Header of the HTTP2 protocol.

It would be the Browser's responsibility to get the system data, specify
the UNIQUE DATA and add it to the HTTP request.

Looking forward to hearing from you.

Best regards,

Sanel Mesinovic

-- 
Sanel Mesinovic
Software Engineer
YMC AG
Sonnenstrasse 4
8280 Kreuzlingen
Switzerland

Web http://www.ymc.ch/en/author/sanel-mesinovic

Received on Wednesday, 4 March 2015 19:13:09 UTC