Re: New tracking tool in Firefox from Lorrie Cranor on 2006-01-19 (public-p3p-spec@w3.org from January 2006)

From: Lorrie Cranor <lorrie+@cs.cmu.edu>
Date: Wed, 18 Jan 2006 19:30:52 -0500
To: Rigo Wenning <rigo@w3.org>, public-p3p-spec <public-p3p-spec@w3.org>
Message-Id: <B384E699-247C-4E0B-BA86-E6172316DC4D@cs.cmu.edu>

So the WhatWG's spec says:

 > User agents should allow the user to adjust this behaviour, for  
example in conjunction with a
 > setting that disables the sending of HTTP Referrer headers. Based  
on the user's preferences, UAs
 > may either ignore the ping attribute altogether, or selectively  
ignore URIs in the list (e.g.
 > ignoring any third-party URIs).

It doesn't sound like Firefox has actually implemented these  
controls, but if they did it would significantly reduce the privacy  
concerns I think.

If a site uses this feature then I think they should certainly  
disclose it in their P3P policy. How they disclose it depends on what  
they are doing. Depending on whether the ping goes to their own  
servers, or third party servers, and whether it is accompanied by a  
pseudonym, PII, or no unique identifier would determine what is the  
appropriate disclosure. It might be pseduo or individual analysis or  
decision. It might be a state management mechanism. Could possibly be  
something else.... It also could force a site to disclose a recipient  
other than ours.

Lorrie

On Jan 18, 2006, at 12:23 PM, Rigo Wenning wrote:

> A Blog-entry
> http://weblogs.mozillazine.org/darin/
> and the subsequent slashdot discussion:
> http://yro.slashdot.org/yro/06/01/18/1427212.shtml
>
> report that Firefox has implemented a feature from the WhatWG which  
> is pretty
> privacy invasive:
> http://whatwg.org/specs/web-apps/current-work/#ping
>
> If a link is clicked carrying a "ping" attribute, the fact that of  
> clicking on
> that link is reported to several servers specified in the  
> attribute. This
> allows tracking not only by referrer, but also to see where the  
> user goes on
> leaving a certain server. In fact, it is the equivalent to the  
> video-camera
> in the shop.
>
> A browser could also implement a more generic sniffer and send  
> information
> about the current state of the computer (what other programs ran  
> when he
> looked at our online-shop) to selected IP-addresses. The shop could be
> greatly improved, for sure.
>
> Most security advises recommend to switch active components off.  
> This won't
> help anymore. The WhatWG omits in their specification to ask for a  
> very basic
> and important requirement: Ask the user before sending such  
> information over
> to third parties.
>
> Should we take that into account in the tracking part? Is it  
> individual
> tracking or pseudonymous analysis?
>
> Best,
>
> Rigo
>
>
>

Received on Thursday, 19 January 2006 00:31:12 UTC