- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Thu, 27 Aug 2015 09:54:17 -0400
- To: Nick Doty <npdoty@w3.org>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CABtrr-UsFyUiewhgVvmjPuTteJxQOqfJZ4=0kYbJZAro3rf1kA@mail.gmail.com>
It would be great to start the process to publish this as a draft PING note! The new changes look awesome, Nick. There are still some outstanding things in the document; those are ok for a draft note or do we need to try to close them out before we publish? The note in 1.2.1 seems to be dealt with by adding a blurb about how this is not distinct from unexpected correlation (although why 1.2.2 is not enough, I don't know) and clarifying that this practice can result in collapsing pseudonymous identities into linked personas or something like that. We should definitely reach out to the HTML WG to ask if the fingerprint warning indicia has been useful or helpful. I don't think I understand ISSUE 1... can we say anything about best practices across UA implementations that might require cooperation outside of the spec? On Sun, Aug 23, 2015 at 9:58 PM, Nick Doty <npdoty@w3.org> wrote: > I've revised the Fingerprinting Guidance for Web Specification Authors > text, responding as best I can to comments from the TAG, the Tor Browser > folks and other comments via mailing list. > > http://w3c.github.io/fingerprinting-guidance/ > > Changes in particular include: > * moving feasibility question up earlier, emphasizing realism/pessimism > * clarifying some of the best practices, regarding unnecessary additions > to fingerprinting surface > * additional examples and references (in particular, to the TAG finding on > unsanctioned tracking) > * filling in to-do sections (and marking remaining ones with issue boxes) > > To clarify the status of this document and to gather wider review, I think > it would be useful to publish this as a draft Interest Group Note. As a > Process matter, that would consist of: the Interest Group deciding we want > to publish it as an Interest Group Note; getting confirmation from the > domain lead that we can use this name/shortname; publishing a snapshot on > w3.org indicating its status as a draft Note; asking chairs and other > groups for feedback. > > And in any case, I'd welcome further feedback, additions, subtractions and > the like. I get the impression that specific examples from different > specs/Working Groups would be the most welcome addition. > > Thanks, > Nick > -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 joe@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
Received on Thursday, 27 August 2015 13:55:11 UTC