- From: Lukasz Olejnik (W3C) <lukasz.w3c@gmail.com>
- Date: Sun, 31 Jul 2016 23:25:20 +0100
- To: Nick Doty <npdoty@ischool.berkeley.edu>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>, Greg Norcie <norcie@cdt.org>
- Message-ID: <CAC1M5qoPdc6-R09r3307NJcyBA6fDOnLC4ospKWZHKGSySrqgA@mail.gmail.com>

Hi Nick,

> * Simultaneously-triggered events
>
> APIs that allow for subscribing to events also introduce the possibility
> of correlating a user's activity across tabs, across origins or across
> browsers. (I've noted this before, apologies for repetition.) I believe the
> typical advice is to only trigger events for the front-most browsing
> context or to fuzz the timing; given that we have typical advice, we should
> have that written up somewhere.
>
> * Access to sensors or device data
>
> The Generic Sensor API is already getting into this, I believe. Since
> sensors typically give information about the world around the device, the
> data is inherently cross-origin and can enable unexpected correlations.
> Data on the device may be the same way -- in addition to the privacy issues
> with accessing my calendar appointments or my contact database, a site can
> also determine that I'm the same person if I share that information with
> more than one page.

I fully agree and support! It is one of my main points of analysis. In addition, if a readout of a sensor is identical over time, this can also lead to a cross-linkage. I am working on a follow-up analysis.

> * Permanent, hardware identifiers:
>
> I think we should state that this is typically incompatible with the Web's
> privacy model. Access to an unchangeable identifier or hardware key means
> clearing cookies does not affect the capability of correlating user
> activity.

A good point. It is indeed an issue and I believe it may be the case of how certain sensors will be exposed. It is already being discussed [1].

[1] https://github.com/w3c/sensors/issues/120

Best
Lukasz

Received on Sunday, 31 July 2016 22:25:49 UTC
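
The two mitigations named in the quoted text above (delivering events only to the front-most browsing context, or fuzzing their timing) can be compared in a small model. This is an added example, not part of the original message or of any specification; the function names, origins, jitter bound and event timings are all constructed for illustration.

```javascript
// Toy model (added example): not a browser API; all names are hypothetical.
// Seeded LCG for a reproducible run; real code would draw jitter from a CSPRNG.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 4294967296;
  };
}

// Deliver the same events (ms timestamps) to every browsing context under a policy:
// "broadcast" (no mitigation), "frontmost" (visible context only), "fuzz" (jitter).
function deliver(eventTimes, contexts, policy, { seed = 1, maxJitterMs = 400 } = {}) {
  const rng = makeRng(seed);
  const seen = {};
  for (const ctx of contexts) {
    if (policy === "frontmost" && !ctx.frontmost) {
      seen[ctx.origin] = []; // background contexts observe nothing
    } else if (policy === "fuzz") {
      // independent random delay per context and per event
      seen[ctx.origin] = eventTimes.map((t) => t + rng() * maxJitterMs);
    } else {
      seen[ctx.origin] = eventTimes.slice();
    }
  }
  return seen;
}

// Fraction of A's events with a counterpart in B within tolMs: the check two
// cooperating origins could run to decide they are seeing the same user.
function matchFraction(a, b, tolMs) {
  if (a.length === 0 || b.length === 0) return 0;
  return a.filter((ta) => b.some((tb) => Math.abs(ta - tb) <= tolMs)).length / a.length;
}

// Constructed sample: 40 events about one second apart, two origins in two tabs.
const EVENTS = Array.from({ length: 40 }, (_, i) => 1000 * i + ((i * 37) % 100));
const CONTEXTS = [
  { origin: "https://a.example", frontmost: true },
  { origin: "https://b.example", frontmost: false },
];

function score(policy, tolMs) {
  const seen = deliver(EVENTS, CONTEXTS, policy);
  return matchFraction(seen["https://a.example"], seen["https://b.example"], tolMs);
}

for (const [policy, tol] of [["broadcast", 5], ["frontmost", 5], ["fuzz", 5], ["fuzz", 400]]) {
  console.log(policy, `tol=${tol}ms`, score(policy, tol).toFixed(2));
}
```

In this model, jitter only defeats tight-window matching: once the tolerance is as wide as the jitter bound, sparse events still line up, so the jitter has to be sized against the spacing of the events. Delivery to the front-most context alone leaves the background origin with nothing to match.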