Re: common features with cross-origin correlation possibility

Hi Nick,





> * Simultaneously-triggered events
>
> APIs that allow for subscribing to events also introduce the possibility
> of correlating a user's activity across tabs, across origins or across
> browsers. (I've noted this before, apologies for repetition.) I believe the
> typical advice is to only trigger events for the front-most browsing
> context or to fuzz the timing; given that we have typical advice, we should
> have that written up somewhere.
>
>
> * Access to sensors or device data
>
> The Generic Sensor API is already getting into this, I believe. Since
> sensors typically give information about the world around the device, the
> data is inherently cross-origin and can enable unexpected correlations.
> Data on the device may be the same way -- in addition to the privacy issues
> with accessing my calendar appointments or my contact database, a site can
> also determine that I'm the same person if I share that information with
> more than one page.
>
>

I fully agree and support! It is one of my main points of analysis.
In addition, if a readout of a sensor is identical over time, this can also
lead to a cross-linkage.
I am working on a follow-up analysis.



>
> * Permanent, hardware identifiers:
>
> I think we should state that this is typically incompatible with the Web's
> privacy model. Access to an unchangeable identifier or hardware key means
> clearing cookies does not affect the capability of correlating user
> activity.
>
>
A good point. It is indeed an issue and I believe it may be the case of how
certain sensors will be exposed. It is already being discussed [1].


[1] https://github.com/w3c/sensors/issues/120


Best
Lukasz

Received on Sunday, 31 July 2016 22:25:49 UTC