- From: Justin Brookman <jbrookman@cdt.org>
- Date: Fri, 25 Jul 2014 10:04:59 -0400
- To: Georg Koppen <gk@torproject.org>
- Cc: public-privacy@w3.org
On Jul 23, 2014, at 11:22 AM, Georg Koppen <gk@torproject.org> wrote: > Mike O'Neill: >> If the response to canvas and other forms of fingerprinting is an arms-race >> with browsers and their extensions, the web will turned into a war zone and >> be ruined for everybody. >> >> This is why we need a meaningful DNT that people trust. > > No, DNT will not help. See the FPDetective paper > https://www.cosic.esat.kuleuven.be/publications/article-2334.pdf and > there especially section 7.3. > > Fingerprinting is more and more framed in the context of fraud detection > and prevention of abuse. Thus, it is getting more and more common to > ignore DNT because fingerprinting is not used (or at least it is claimed > so) to track users i.e. to invade their privacy. Rather, it is all about > devices and end users' quality of service (that's at least the story > those companies are trying to sell). > > Georg I think others may disagree about whether tracking for fraud prevention constitutes any privacy concern. A DNT signal is a request to sites not to collect data about users across multiple sites — including for fraud/abuse prevention. A server can signal back that it doesn’t track at all, or that it tracks for a very limited set of (in the server’s opinion) unobjectionable purposes. Or it can signal back that it tracks for advertising or doesn’t honor DNT requests at all The user or user agent can then make a determination about whether to allow the interaction or not, to disable certain functionality for the server, or anything else it wants to do. Justin >>> -----Original Message----- >>> From: Rigo Wenning [mailto:rigo@w3.org] >>> Sent: 21 July 2014 17:43 >>> To: public-privacy@w3.org >>> Subject: Canvas fingerprinting >>> >>> https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html >>> >>> There was a lot of discussion around canvas and whether it was the right >>> choice. It may also be the right choice for browser to give users the >>> option to turn all those nice new features off if they do not want to be >>> spied upon. To what extend do browsers trust the origin? I think we are >>> in a field with lots of shades of gray. >>> >>> Otherwise we are left surfing the Web with Amaya if we want privacy. >>> Amaya knows no cookies, no javascript, no canvas. This can turn into an >>> advantage.. >>> >>> --Rigo >> >> >> >> > >
Received on Friday, 25 July 2014 14:06:35 UTC