W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Improved Client Identification

From: Chris Seal (HWEL - 3 Solutions - Technology Manager) <Chris.Seal@hwleurope.com>
Date: Thu, 05 Mar 2015 13:03:37 +0000
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <D11E03D9.BEB%Chris.Seal@hwleurope.com>
Iıd agree that this would go against BCP188.

Arguably itıs already possible without the need for anything new.  See
https://panopticlick.eff.org/
and
https://panopticlick.eff.org/browser-uniqueness.pdf

Chris

On 05/03/2015 09:43, "Cory Benfield" <cory@lukasa.co.uk> wrote:

>On 20 February 2015 at 15:36, Sanel Mesinovic <sanel.mesinovic@ymc.ch>
>wrote:
>> Hello,
>>
>> I found your email address here. Have one small contribution / request
>>to
>> make to the new HTTP 2 protocol. Already wrote an email long time ago
>>to Tim
>> Berners Lee however no reply. Maybe someone already during this time
>>already
>> raised the issue.
>
>Unfortunately, HTTP/2 is now complete, which means this request is out
>of scope for HTTP/2. You could make this request as a generic HTTP
>extension, however I don't recommend it.
>
>> In my opinion the new protocol should introduce a better way to uniquely
>> identify the client. Currently it is not possible to uniquely identify a
>> user. IP identification is not reliable. There can be two or more users
>> behind the same IP. Session identification is even worse.
>
>Why?
>
>Setting a cookie absolutely does uniquely identify a client, unless
>the client chooses to remove it. It also does not allow correlation
>across origins. For that reason, I have to assume that the following
>motivations apply to this request:
>
>- you'd like to be able to uniquely identify a client across multiple
>domains
>- you'd like to prevent clients from being able to opt out of tracking
>
>I'd say that either one of these is in violation of IETF BCP 188[0],
>though I admit to that being a slightly broader reading of BCP 188
>than is common. IMO, clients should always be able to choose not to be
>tracked, and they should certainly be free from any form of
>cross-domain tracking. There is a reason that people are uncomfortable
>with the way the Facebook 'like' button can be used to track users as
>they move around the web: adding an easier tools to do it would not
>make people happier, safer or more free.
>
>I am confident the IETF and this WG would never dream of adding such
>functionality.
>
>[0]: https://tools.ietf.org/html/bcp188
>

Please consider the environment before printing this email
________________________________
This e-mail is only intended for the person(s) to whom it is addressed and may contain PRIVILEGED or CONFIDENTIAL information. Any opinions or views are personal to the writer and do not represent those of Hutchison Whampoa (Europe) Limited, Hutchison Whampoa Limited or its group companies. If you are not the intended recipient, you are hereby notified that any use, retention, disclosure, copying, printing, forwarding or dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify the sender immediately. Hutchison Whampoa (Europe) Limited is a company registered in England and Wales with company number 1923041. Registered Office: Hutchison House, 5 Hester Road, Battersea, London. SW11 4AN. www.hutchisonwhampoa.com<http://www.hutchison-whampoa.com>
Received on Friday, 6 March 2015 13:47:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC