On Tue, Dec 11, 2012 at 10:24 AM, Martin Thomson <martin.thomson@gmail.com>wrote: > On 11 December 2012 00:45, Dominique Hazael-Massieux <dom@w3.org> wrote: > > Imagine a user that uses a site under two different identity, and takes > > care of carefully cleaning cookies between these two usages (or more > > realistically, uses a system that does it for her); if we expose stable > > device ids that are scoped per site, then suddenly the site knows that > > these two apparently distinct users are the same (or at least use the > > same browser/computer). > > That is something that I did consider. Clearing cookies and all the > other stuff necessary to remove site-gunge should also remove whatever > key was used to generate device IDs. A site-specific cleanup would be > harder to implement than a global sweep, but it's not an impossible > challenge. Indeed, this is already something one generally has to worry about as the number of mechanisms for storing state on a user's machine continues to expand (cookies, localstore, cache information, SSL cache entries). I could check with the Moz privacy people but my impression is that the general idea is that all this stuff needs to be cleaned up when someone asks for cookies to be flushed. -Ekr >
Received on Thursday, 13 December 2012 14:19:14 UTC