Re: Network Information API published as FPWD

On 06/14/2011 05:41 PM, Robin Berjon wrote:
> On Jun 14, 2011, at 15:59 , Olli Pettay wrote:
>> Even the current API allows a bit too much fingerprinting, I
>> think. The fact that web app can know that user is using 2G
>> connection is a quite strong hint (at least in some countries) that
>> user is somewhere in the countryside. (There are perhaps already
>> other ways to detect that, but this is a new way) The connection
>> type is yet more information about user and his devices the web
>> apps can get, and so it perhaps should be accessible only if user
>> gives the permission.
>
> Far from me to suggest that fingerprinting is not an important
> consideration — it most certainly is — but we can't just start using
> it systematically as DAP's Ockham's razor lest we do nothing at all!
Yeah, I realize this is a problem. But we also can't just give up with
privacy because no one has figured out a good way to inform or ask
permission (in a scalable way) from user.



> I think that we have to accept that there will be new information
> that can help fingerprint browsers (frankly, given the precision of
> current fingerprinting it's unclear how much any addition does indeed
> hurt — http://panopticlick.eff.org/ is a good demo). Putting
> everything behind a security prompt is not a good solution, it
> actually makes users care less about privacy. So while we should be
> very careful when we decide to expose information unprotected, I
> think we should be equally careful in not going too far in the other
> direction.
>
> It could be quite interesting if someone were to scare up a set of
> criteria for when something allows for too much fingerprinting and
> when it seems okay.
Indeed


>

Received on Tuesday, 14 June 2011 21:07:09 UTC