- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 18 Jan 2006 18:23:26 +0100
- To: "'public-p3p-spec'" <public-p3p-spec@w3.org>
- Message-Id: <200601181823.39772@rigo>
A Blog-entry http://weblogs.mozillazine.org/darin/ and the subsequent slashdot discussion: http://yro.slashdot.org/yro/06/01/18/1427212.shtml report that Firefox has implemented a feature from the WhatWG which is pretty privacy invasive: http://whatwg.org/specs/web-apps/current-work/#ping If a link is clicked carrying a "ping" attribute, the fact that of clicking on that link is reported to several servers specified in the attribute. This allows tracking not only by referrer, but also to see where the user goes on leaving a certain server. In fact, it is the equivalent to the video-camera in the shop. A browser could also implement a more generic sniffer and send information about the current state of the computer (what other programs ran when he looked at our online-shop) to selected IP-addresses. The shop could be greatly improved, for sure. Most security advises recommend to switch active components off. This won't help anymore. The WhatWG omits in their specification to ask for a very basic and important requirement: Ask the user before sending such information over to third parties. Should we take that into account in the tracking part? Is it individual tracking or pseudonymous analysis? Best, Rigo
Received on Wednesday, 18 January 2006 17:24:05 UTC