- From: David Singer <singer@apple.com>
- Date: Fri, 28 Aug 2015 12:24:15 +0900
- To: Joseph Lorenzo Hall <joe@cdt.org>
- Cc: Nicholas Doty <npdoty@w3.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Does this draft need to mention avoidance of enabling fingerprinting by excessive precision of an otherwise ‘innocuous’ API? (E.g. I can differentiate batteries, and hence distinct visitors, by looking at precise measurements of batteries). > On Aug 27, 2015, at 22:54 , Joseph Lorenzo Hall <joe@cdt.org> wrote: > > It would be great to start the process to publish this as a draft PING note! The new changes look awesome, Nick. > > There are still some outstanding things in the document; those are ok for a draft note or do we need to try to close them out before we publish? > > The note in 1.2.1 seems to be dealt with by adding a blurb about how this is not distinct from unexpected correlation (although why 1.2.2 is not enough, I don't know) and clarifying that this practice can result in collapsing pseudonymous identities into linked personas or something like that. > > We should definitely reach out to the HTML WG to ask if the fingerprint warning indicia has been useful or helpful. > > I don't think I understand ISSUE 1... can we say anything about best practices across UA implementations that might require cooperation outside of the spec? > > > > On Sun, Aug 23, 2015 at 9:58 PM, Nick Doty <npdoty@w3.org> wrote: > I've revised the Fingerprinting Guidance for Web Specification Authors text, responding as best I can to comments from the TAG, the Tor Browser folks and other comments via mailing list. > > http://w3c.github.io/fingerprinting-guidance/ > > Changes in particular include: > * moving feasibility question up earlier, emphasizing realism/pessimism > * clarifying some of the best practices, regarding unnecessary additions to fingerprinting surface > * additional examples and references (in particular, to the TAG finding on unsanctioned tracking) > * filling in to-do sections (and marking remaining ones with issue boxes) > > To clarify the status of this document and to gather wider review, I think it would be useful to publish this as a draft Interest Group Note. As a Process matter, that would consist of: the Interest Group deciding we want to publish it as an Interest Group Note; getting confirmation from the domain lead that we can use this name/shortname; publishing a snapshot on w3.org indicating its status as a draft Note; asking chairs and other groups for feedback. > > And in any case, I'd welcome further feedback, additions, subtractions and the like. I get the impression that specific examples from different specs/Working Groups would be the most welcome addition. > > Thanks, > Nick > > > > -- > Joseph Lorenzo Hall > Chief Technologist > Center for Democracy & Technology > 1634 I ST NW STE 1100 > Washington DC 20006-4011 > (p) 202-407-8825 > (f) 202-637-0968 > joe@cdt.org > PGP: https://josephhall.org/gpg-key > fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 > > David Singer Manager, Software Standards, Apple Inc.
Received on Friday, 28 August 2015 03:24:49 UTC