- From: <bugzilla@jessica.w3.org>
- Date: Thu, 15 Jan 2015 09:59:54 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27269

--- Comment #9 from Henri Sivonen <hsivonen@hsivonen.fi> ---

(In reply to Henri Sivonen from comment #8)
> (In reply to Jerry Smith from comment #7)
> > I've been concerned about David's hypothetical case 1 as well. Services
> > that host across a number of websites would need to tolerate large numbers
> > of end user devices for a given user account, since the identifier returned
> > would be different for each. These services though have a business interest
> > in limiting the number of devices allowed. The proposed privacy mitigation
> > discussed in this bug effectively undercuts the ability to do this, and it
> > seems fundamental to the proposal.
>
> Why should this business interest be considered by the W3C more important
> than the privacy of users?

So suppose company Foo runs TV channels Bar and Quux and, therefore, has sites bar.example and quux.example that behind the scenes use the same hosting infrastructure. If Foo now wants the device limit to be counted on Foo basis together rather than for Bar and Quux separately, what they want is a fundamental mismatch with how they want to project themselves to the user branding-wise (projecting Bar and Quux as separate things).

Furthermore, logically, device limits being independent from different user-facing brands shouldn't even really be a concern unless the same piece of content is licensed from a third party on a Foo basis but is visible via both Bar and Quux.

Now, without a doubt, someone somewhere has made a business arrangement where their device count rules aren't accounted according to user-facing brands (or the user-facing brands are uselessly subdivided e.g. to bar.example and bar-plus.example).

Since accommodating that sort of business arrangement would lead to substantially worse privacy properties of EME than requiring the kind of partitioning being proposed here and since the business concern doesn't apply to the kind of services that are driving the existence of EME (movie streaming services tend to be single-brand sites to the point that netflix.fi redirects to netflix.com or the brands being walled off of each other by country so that users are blocked from accessing a multi-country technical platform with per-country branding through multiple brands/domains), I think we should decide in favor of privacy.

--
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 15 January 2015 09:59:56 UTC