W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Re: Fingerprinting guidance update; responding to feedback, Note publication?

From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Thu, 27 Aug 2015 09:54:17 -0400
Message-ID: <CABtrr-UsFyUiewhgVvmjPuTteJxQOqfJZ4=0kYbJZAro3rf1kA@mail.gmail.com>
To: Nick Doty <npdoty@w3.org>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
It would be great to start the process to publish this as a draft PING
note! The new changes look awesome, Nick.

There are still some outstanding things in the document; those are ok for a
draft note or do we need to try to close them out before we publish?

The note in 1.2.1 seems to be dealt with by adding a blurb about how this
is not distinct from unexpected correlation (although why 1.2.2 is not
enough, I don't know) and clarifying that this practice can result in
collapsing pseudonymous identities into linked personas or something like

We should definitely reach out to the HTML WG to ask if the fingerprint
warning indicia has been useful or helpful.

I don't think I understand ISSUE 1... can we say anything about best
practices across UA implementations that might require cooperation outside
of the spec?

On Sun, Aug 23, 2015 at 9:58 PM, Nick Doty <npdoty@w3.org> wrote:

> I've revised the Fingerprinting Guidance for Web Specification Authors
> text, responding as best I can to comments from the TAG, the Tor Browser
> folks and other comments via mailing list.
> http://w3c.github.io/fingerprinting-guidance/
> Changes in particular include:
> * moving feasibility question up earlier, emphasizing realism/pessimism
> * clarifying some of the best practices, regarding unnecessary additions
> to fingerprinting surface
> * additional examples and references (in particular, to the TAG finding on
> unsanctioned tracking)
> * filling in to-do sections (and marking remaining ones with issue boxes)
> To clarify the status of this document and to gather wider review, I think
> it would be useful to publish this as a draft Interest Group Note. As a
> Process matter, that would consist of: the Interest Group deciding we want
> to publish it as an Interest Group Note; getting confirmation from the
> domain lead that we can use this name/shortname; publishing a snapshot on
> w3.org indicating its status as a draft Note; asking chairs and other
> groups for feedback.
> And in any case, I'd welcome further feedback, additions, subtractions and
> the like. I get the impression that specific examples from different
> specs/Working Groups would be the most welcome addition.
> Thanks,
> Nick

Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
Received on Thursday, 27 August 2015 13:55:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:30 UTC