[Bug 27269] Normatively require distinctive identifiers to be different by top-level and EME-using origin

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27269

--- Comment #9 from Henri Sivonen <hsivonen@hsivonen.fi> ---
(In reply to Henri Sivonen from comment #8)
> (In reply to Jerry Smith from comment #7)
> > I've been concerned about David's hypothetical case 1 as well.  Services
> > that host across a number of websites would need to tolerate large numbers
> > of end user devices for a given user account, since the identifier returned
> > would be different for each.  These services though have a business interest
> > in limiting the number of devices allowed.  The proposed privacy mitigation
> > discussed in this bug effectively undercuts the ability to do this, and it
> > seems fundamental to the proposal.
> 
> Why should this business interest be considered by the W3C more important
> than the privacy of users?

So suppose company Foo runs TV channels Bar and Quux and, therefore, has sites
bar.example and quux.example that behind the scenes use the same hosting
infrastructure. If Foo now wants the device limit to be counted on Foo basis
together rather than for Bar and Quux separately, what they want is a
fundamental mismatch with how they want to project themselves to the user
branding-wise (projecting Bar and Quux as separate things). Furthermore,
logically, device limits being independent for different user-facing brands
shouldn't even really be a concern unless the same piece of content is licensed
from a third party on a Foo basis but is visible via both Bar and Quux.

Now, without a doubt, someone somewhere has made a business arrangement where
their device count rules aren't accounted according to user-facing brands (or
the user-facing brands are uselessly subdivided e.g. to bar.example and
bar-plus.example).

Since accommodating that sort of business arrangement would lead to
substantially worse privacy properties of EME than requiring the kind of
partitioning being proposed here, and since the business concern doesn't
apply to the kind of services that are driving the existence of EME (movie
streaming services tend to be single-brand sites to the point that netflix.fi
redirects to netflix.com, or the brands are walled off from each other by
country so that users are blocked from accessing a multi-country technical
platform with per-country branding through multiple brands/domains), I think we
should decide in favor of privacy.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Thursday, 15 January 2015 09:59:56 UTC