- From: Yoav Weiss <yoav@yoav.ws>
- Date: Wed, 13 Feb 2019 15:41:35 +0100
- To: Pete Snyder <psnyder@brave.com>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
- Message-ID: <CACj=BEhYJ1tFBFGNApg=gx1BaWeKVK9OKiPUeTX7bKVMo5iTiA@mail.gmail.com>
Hey Pete, On Wed, Feb 13, 2019 at 12:22 AM Pete Snyder <psnyder@brave.com> wrote: > Hi All, > > I’m Pete Snyder from PING. PING is interested in what data has been > gathered / exists to motivate moving fingerprintable values into to > passively collectable, log-able headers. I'm sorry, but I have to reject your claims regarding "passively collectable" as well as "log-able". More details on why can be found on my reply to the issue you opened <https://github.com/httpwg/http-extensions/issues/767#issuecomment-463154773> . > Given that the spec increases the risk of privacy-loss Again, I have to reject that claim. > (there is a subsection of the spec for this purpose) All specifications nowadays have to include a "Security and Privacy considerations" section. Are you implying that including such a considerations section somehow proves that a proposal is less secure or introduces privacy leaks? > , we're interested in what data exists to show that this risk would be > counter balanced by benefit to: > > 1. A significant portion of web users, > 2. On a significant portion of web sites > > Does any such data exist? Any relevant information would be extremely > useful as we continue considering the proposal. > Data specific to the real-world performance benefits of improved content negotiation that CH provides can be found here <https://cloudinary.com/blog/client_hints_and_responsive_images_what_changed_in_chrome_67>. I believe we're still lacking data on the privacy benefits of using the CH infrastructure to reduce passive fingerprinting, as this proposal is still at an early phase. > > Best, > Pete Snyder >
Received on Wednesday, 13 February 2019 14:42:15 UTC