- From: JC Cannon <jccannon@microsoft.com>
- Date: Wed, 24 Oct 2012 17:34:29 +0000
- To: "rob@blaeu.com" <rob@blaeu.com>, "public-privacy@w3.org" <public-privacy@w3.org>
Rob,

Are you stating that fingerprinting is okay for tracking user consent?

Thanks,
JC

-----Original Message-----
From: Rob van Eijk [mailto:rob@blaeu.com]
Sent: Wednesday, October 24, 2012 10:04 AM
To: public-privacy@w3.org
Subject: RE: TPAC breakout session - Is user agent Fingerprinting a lost cause?

Hi JC,

Fingerprinting is, just like most cookies, subject to article 5.3 of the e-privacy directive.

A privacy risk that I see increasing as a consequence of DNT and EU cookie consent is that companies are most likely pushing towards a bypass of DNT, i.e. gaining out of band (server based) consent and storing that user choice in databases. Fingerprinting can be used in that use case to identify a user and subsequently find out by querying the consent database whether a user has given consent.

Rob

JC Cannon wrote on 2012-10-24 17:29:
> I feel this is a great topic to discuss in light of the DNT and EU
> cookie consent work happening. Both will limit the ability to use
> cookies to re-identify a returning user/computer to a website. If
> cookies are not viable it may push websites to use fingerprinting.
> I'm hoping this discussion will provide ideas for two big problems:
>
> 1. How to minimize the ability for browsers to be fingerprinted.
> 2. Providing a privacy-friendly way for users to build a relationship
>    with trusted websites.
>
> JC
>
> -----Original Message-----
>
>> From: Christine Runnegar [mailto:runnegar@isoc.org]
>> Sent: Sunday, October 21, 2012 7:09 AM
>> To: public-privacy@w3.org mailing list)
>> Cc: Hill, Brad
>> Subject: TPAC breakout session - Is user agent Fingerprinting a lost
>> cause?
>>
>> As mentioned on our call on 18 October 2012, Brad Hill has kindly
>> proposed a session entitled "Is user agent Fingerprinting a lost
>> cause?".
>>
>> The session description from the TPAC wiki is set out below.
>>
>> http://www.w3.org/wiki/TPAC2012/SessionIdeas#Is_user_agent_Fingerprinting_a_lost_cause.3F
>>
>> ------
>>
>> As more features and functionality are added to the Web browser, the
>> more risks we create in terms of privacy and security. As user agent
>> complexity increases, and as they expose more "native" variation in
>> the underlying platform, so does their ability to be uniquely
>> identified (and users tracked) through capability analysis.
>>
>> The EFF's Panopticlick project already tracks ~60 bits of identifying
>> information available in the typical user agent and certainly a more
>> determined effort could find more, in addition to information
>> available through lower-layer technologies like TCP or side-channels
>> like JavaScript performance profiling.
>>
>> What responsibility do W3C WGs have to make their technologies
>> passive-privacy friendly, and how is that to be balanced with
>> discoverability and usability?
>>
>> Topics:
>>
>> - Is preventing fingerprinting a lost cause in the general purpose
>>   web user agent?
>> - Where is the bar on trackability? Life-critical anonymity for
>>   political dissidents is different in what we can and must promise vs.
>>   "casual" anonymity for e.g. advertising
>> - Lessons from Do Not Track on technical vs. policy-driven approaches
>> - Lessons from anonymous / incognito browser modes
>> - Should specs provide standard defaults for anonymous / incognito /
>>   Tor browser modes?

Received on Wednesday, 24 October 2012 17:35:36 UTC