Hi Nick, > * Simultaneously-triggered events > > APIs that allow for subscribing to events also introduce the possibility > of correlating a user's activity across tabs, across origins or across > browsers. (I've noted this before, apologies for repetition.) I believe the > typical advice is to only trigger events for the front-most browsing > context or to fuzz the timing; given that we have typical advice, we should > have that written up somewhere. > > > * Access to sensors or device data > > The Generic Sensor API is already getting into this, I believe. Since > sensors typically give information about the world around the device, the > data is inherently cross-origin and can enable unexpected correlations. > Data on the device may be the same way -- in addition to the privacy issues > with accessing my calendar appointments or my contact database, a site can > also determine that I'm the same person if I share that information with > more than one page. > > I fully agree and support! It is one of my main points of analysis. In addition, if a readout of a sensor is identical over time, this can also lead to a cross-linkage. I am working on a follow-up analysis. > > * Permanent, hardware identifiers: > > I think we should state that this is typically incompatible with the Web's > privacy model. Access to an unchangeable identifier or hardware key means > clearing cookies does not affect the capability of correlating user > activity. > > A good point. It is indeed an issue and I believe it may be the case of how certain sensors will be exposed. It is already being discussed [1]. [1] https://github.com/w3c/sensors/issues/120 Best LukaszReceived on Sunday, 31 July 2016 22:25:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:33 UTC