- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Tue, 29 Jan 2019 07:34:43 +0000
- To: Ilya Grigorik <igrigorik@google.com>
- CC: Mike West <mkwst@google.com>, Yoav Weiss <yoavweiss@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hello Ilya, On 2019/01/29 08:07, Ilya Grigorik wrote: > Hi Martin. > > To echo what Mike highlighted before, I don't think we're suggesting that > CH will eliminate fingerprinting. To your point, yes 3P providers will > likely request that site owners grant access to these hints, but that in > itself is already a significant step forward: hints are restricted to > secure transports (significantly reduced fingerprinting surface area for > unencrypted traffic); 1P must explicitly state what hints they want to > receive (auditing); 1P must explicitly delegate permission to 3Ps (auditing > and permission based access). Compare that to status quo today, where there > are no signals on what data is being requested and used by whom, and most > 1P's being entirely unaware of which 3P's are collecting what data from > their users. > > CH is not a magic bullet but the constraints it introduces — I think — > offer significant accountability and transparency improvements over status > quo. Thanks for the explanations. If something similar can go into the relevant draft, in a "Privacy Considerations" section if there is one, and if not as part of the "Security Considerations" section or in some other appropriate place, then that would be great. Regards, Martin. > ig >
Received on Tuesday, 29 January 2019 07:35:08 UTC