TPAC breakout session - Is user agent Fingerprinting a lost cause?

As mentioned on our call on 18 October 2012, Brad Hill has kindly proposed a session entitled "Is user agent Fingerprinting a lost cause?".

The session description from the TPAC wiki is set out below.

http://www.w3.org/wiki/TPAC2012/SessionIdeas#Is_user_agent_Fingerprinting_a_lost_cause.3F

------

As more features and functionality are added to the Web browser, the more risks we create in terms of privacy and security. As user agent complexity increases, and as they expose more "native" variation in the underlying platform, so does their ability to be uniquely identified (and users tracked) through capability analysis.

The EFF's Panopticlick project already tracks ~60 bits of identifying information available in the typical user agent and certainly a more determined effort could find more, in addition to information available through lower-layer technologies like TCP or side-channels like JavaScript performance profiling.

What responsibility do W3C WG's have to make their technologies passive-privacy friendly, and how is that to be balanced with discoverability and usability?

Topics:

- Is preventing fingerprinting a lost cause in the general purpose web user agent?
- Where is the bar on trackability? Life-critical anonymity for political dissidents is different in what we can and must promise vs. "casual" anonymity for e.g. advertising
- Lessons from Do Not Track on technical vs. policy-driven approaches
- Lessons from anonymous / incognito browser modes
- Should specs provide standard defaults for anonymous / incognito / Tor browser modes?

Received on Sunday, 21 October 2012 14:09:34 UTC