On Thu, May 21, 2020 at 6:48 AM Alissa Cooper via Datatracker < noreply@ietf.org> wrote: > Alissa Cooper has entered the following ballot position for > draft-ietf-httpbis-client-hints-14: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-httpbis-client-hints/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 1: "passively providing such information allows servers to silently > fingerprint the user" --> isn't pretty much all fingerprinting silent? > > Moreover, I think it would be good to explain in Section 1 that Client > Hints > provides a way for servers to actively fingerprint clients rather than > doing it > passively. > I actually don't think this characterization is correct. Specifically: - When something that clients unilaterally send now is replaced by a client hint (e.g., User-Agent) then this changes fingerprinting from passive to active - When something that you currently have to call a JS API to get is replaced by a client hint, then this makes it *more* passive because the server only has to take one action to get the hint indefinitely. -Ekr >
Received on Thursday, 21 May 2020 16:26:41 UTC