- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Sun, 13 Jan 2019 11:56:37 +0000
- To: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hello Mike, others, On 2018/11/29 19:22, Mike West wrote: > Hey folks, > > Section 9.7 of RFC7231 <https://tools.ietf.org/html/rfc7231#section-9.7> > rightly notes that some of the content negotiation headers user agents > deliver in HTTP requests create substantial fingerprinting surface. I think > it would be beneficial if we took steps to reduce their prevalence on the > wire, and Client Hints looks like a reasonable infrastructure on top of > which to build. Sorry to be very late, and with a rather basic question: The point about substantial fingerprinting is definitely important. But what's the difference, in terms of fingerprinting, between the following two alternatives? a) The browser sending out Accept-Language,... to a server interested in fingerprinting. b) A server interested in fingerprinting sending out an Accept-CH header with the equivalent information, even if the server doesn't need e.g. language information for serving the request. Regards, Martin.
Received on Sunday, 13 January 2019 11:57:03 UTC