- From: Greg Norcie <gnorcie@cdt.org>
- Date: Thu, 28 Jul 2016 12:17:32 -0400
- To: Nick Doty <npdoty@ischool.berkeley.edu>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7Zsb=M7RX-LSUOWwNpRBPjHw72t3RjuAaU+RxCN=u4A0A@mail.gmail.com>
I'll take a look, and if not craft some questions to make sure they're hit on.

/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt
/*******************************************/

On Wed, Jul 27, 2016 at 10:32 PM, Nick Doty <npdoty@ischool.berkeley.edu> wrote:

> Here are three common features or feature requests that have, in addition
> to other privacy issues, potential problems with correlation across
> origins, browsers or devices. I think we should establish guidance on these
> points in one of our common documents so that we can point people to it.
>
> * Simultaneously-triggered events
>
> APIs that allow for subscribing to events also introduce the possibility
> of correlating a user's activity across tabs, across origins or across
> browsers. (I've noted this before, apologies for repetition.) I believe the
> typical advice is to only trigger events for the front-most browsing
> context or to fuzz the timing; given that we have typical advice, we should
> have that written up somewhere.
>
>
> * Access to sensors or device data
>
> The Generic Sensor API is already getting into this, I believe. Since
> sensors typically give information about the world around the device, the
> data is inherently cross-origin and can enable unexpected correlations.
> Data on the device may be the same way -- in addition to the privacy issues
> with accessing my calendar appointments or my contact database, a site can
> also determine that I'm the same person if I share that information with
> more than one page.
>
>
> * Permanent, hardware identifiers:
>
> I think we should state that this is typically incompatible with the Web's
> privacy model. Access to an unchangeable identifier or hardware key means
> clearing cookies does not affect the capability of correlating user
> activity.
>
>
>
> Greg, do we have these anywhere in the privacy questionnaire?
>
> The permanent identifiers could also be discussed in the Mitigating
> Browser Fingerprinting doc, as we already have a section there on clearing
> local state, but it's been noted that that might be extending beyond
> fingerprinting, so perhaps it'll be moved to the more general privacy
> questionnaire anyway.
>
> Thanks,
> Nick
>
Received on Thursday, 28 July 2016 16:18:19 UTC
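
The two mitigations mentioned in the quoted message for simultaneously-triggered events (notify only the front-most browsing context, or fuzz the timing), modelled as an added example that is not part of the original thread. The context names, event times and the `deliver`, `exactOverlap` and `sequenceRng` helpers are constructed for illustration and are not any browser's API.

```javascript
// Added illustration (not from the thread): a constructed model of one event
// source delivering to several subscribed browsing contexts.
function deliver(eventTimes, contexts, opts = {}) {
  const { frontMostOnly = false, jitterMs = 0, rng = Math.random } = opts;
  const seen = new Map(contexts.map((c) => [c.id, []]));
  for (const t of eventTimes) {
    for (const c of contexts) {
      // Mitigation 1: only the front-most browsing context is notified.
      if (frontMostOnly && !c.frontMost) continue;
      // Mitigation 2: each context gets its own independent random delay.
      const delay = jitterMs > 0 ? Math.floor(rng() * jitterMs) : 0;
      seen.get(c.id).push(t + delay);
    }
  }
  return seen;
}

// Fraction of a's timestamps that also appear in b: the signal two
// cooperating origins would compare to link the same user.
function exactOverlap(a, b) {
  if (a.length === 0) return 0;
  const other = new Set(b);
  return a.filter((t) => other.has(t)).length / a.length;
}

// Deterministic stand-in for Math.random so the demo is repeatable.
function sequenceRng(values) {
  let i = 0;
  return () => values[i++ % values.length];
}

// Constructed sample data: event times in ms and two tabs on different origins.
const eventTimes = [1000, 2500, 4100, 7300];
const contexts = [
  { id: "tab-a.example", frontMost: true },
  { id: "tab-b.example", frontMost: false },
];

function demo() {
  const score = (opts) => {
    const seen = deliver(eventTimes, contexts, opts);
    return exactOverlap(seen.get("tab-a.example"), seen.get("tab-b.example"));
  };
  return {
    unmitigated: score({}),
    frontMostOnly: score({ frontMostOnly: true }),
    jittered: score({ jitterMs: 200, rng: sequenceRng([0.1, 0.7, 0.4, 0.9]) }),
  };
}
console.log(demo());
```

Exact-timestamp overlap is a deliberately crude measure: jitter that is small relative to the gaps between events still leaves coarse timing patterns that a statistical comparison could match.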