- From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
- Date: Tue, 20 Oct 2015 07:42:42 +0100
- To: Nat Sakimura <sakimura@gmail.com>
- Cc: Wendy Seltzer <wseltzer@w3.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAC1M5qq6eGPr4B3PRNuAP_9tEfj2ZmFF9gr5U1b1Bd5QygDsig@mail.gmail.com>
2015-10-20 1:16 GMT+01:00 Nat Sakimura <sakimura@gmail.com>: > Yeah, but link is another vague and overused word. > > IMHO, link is an extreme type of correlation that has close to 100% > accuracy, but I am not sure if that is the perception that many people has. > If we use the term like "link", we need to define it. > Once again, just a type of wording. I would just use "link" as it sounds more simpler here and both do not differ that much. "Link" in this case is just simply a connection between those "multiple, separate visits". It isn't speaking about accuracy. > > Re: fingerprinting v.s. identification/identifier > > I guess fingerprinting is a technique for identification. What's bad from > the privacy point of view is that it is done without the knowledge of the > principal, and that many of them tend to be global. It is just a technique, > so if used correctly, it will help protect the subject's privacy as well. > Correct. Identification aside, fingerprinting is putting them in context - creation, setting, reading. I agree, fingerprinting bring problems because they are not transparent, and are not easily detectable or managable using current browser privacy user interfaces. Lukasz > > Nat > > 2015-10-20 5:37 GMT+09:00 Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>: > >> Hi >> >> 2015-10-19 15:35 GMT+01:00 Nat Sakimura <sakimura@gmail.com>: >> >>> I am fine with publishing it. >>> >> >> If it allows further work, then this is a good idea. >> >> >>> >>> Re: first NOTE in the document, i.e., identification and correlation, >>> generally speaking, I have an impression that identification is an >>> inter-temporal correlation within a site, and "correlation" is the case >>> where cross-site/domain correlation is possible in addition. At least, >>> that's how I explain the pseudonymity and verinymity. >>> >> >> >> I think it's just a matter of wording. Actually it could be simplified by >> replacing: >> "an online party can correlate multiple visits" >> with >> "an online party can link separate visits". >> >> Makes the matter clearer in my opinion. >> >> Additionally, >> >> "Browser fingerprinting provides privacy concerns even" I would replace >> "provides" with "brings" - again, just a matter of wording, although in the >> previous case it makes it much more clearer IMO. >> >> >> Additionally it might be extended a bit, for example why not including a >> discussion of other sources of identifiers, that can possibly change with >> time (even in short intervals). >> >> For some reason I also have an odd feeling sometimes "fingerprint(ing)" >> could be replaced with identification/identifiers. >> >> For example: "cookie-like fingerprinting". When we speak about setting >> and reading - is it still fingerprinting? But if it is, then it is >> definitely active (because: setting"), so why not in this case merge it >> with 3.2. >> >> Please pardon me for my academic blurb ;) >> >> Best >> Lukasz >> >> > > > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en >
Received on Tuesday, 20 October 2015 06:43:13 UTC