Re: [PING] Mitigating Browser Fingerprinting in Web Specifications - publishing as an Interest Group Note

Thanks for the support and for the comments.

I’ve made updates in commit https://github.com/w3c/fingerprinting-guidance/commit/35b417ed6fbd337971a396f499e886797768577d <https://github.com/w3c/fingerprinting-guidance/commit/35b417ed6fbd337971a396f499e886797768577d>
This clarifies the active fingerprinting definition to note that code executed on the client can gather information not just about the browser, but also the user, device and surrounding context, and I’ve updated the brief list of examples (now a separate paragraph, which I think makes it clearer) to include environmental sensors.

The HTML5 reference URL was redirecting to 5.2 by default which had previously made me think everything was fine, but I’ve updated it to point explicitly to 5.2.

Cheers,
Nick

> On Feb 12, 2019, at 5:51 AM, Charles 'chaals' (McCathie) Nevile <chaals@yandex.ru> wrote:
> 
> Nice work everyone. A couple of comments:
> 
> There is a brief mention of using "environmental" fingerprinting (e.g. finding out where in the world you are by listening in, tracking location, etc), but it isn't covered at all in section 3.2 which only talks about active fingerprinting from information that exists with no environmental context. I think that's a major omission that should be fixed.
> 
> The latest W3C Recommendation on HTML is actually HTML 5.2 - which contains a large number of improvements over the HTML 5.0 specification. If you link to a Rec, it should be that one.
> 
> cheers
> 
> Chaals
> 
> On Tue, 12 Feb 2019 01:53:29 +0100, Christine Runnegar <runnegar@isoc.org> wrote:
> 
>> Dear PING,
>> 
>> A very big thank you to Nick Doty for single-handedly leading the work on Mitigating Browser Fingerprinting in Web Specifications.
>> 
>> The draft is here: https://w3c.github.io/fingerprinting-guidance/
>> 
>> Thank you also to everyone who provided input on the document at its various stages.
>> 
>> As a reminder, this document is a draft Interest Group Note to provide best practices to Web specification authors on mitigating the privacy impacts of browser fingerprinting, developed by the Privacy Interest Group (PING). PING has collaborated with the Technical Architecture Group (TAG) on this guidance. Since the last version: the list of best practices has been expanded and made more specific; guidance has been provided on how to evaluate the severity of fingerprinting surface; and, additional references and examples have been provided.
>> 
>> We have addressed the outstanding issues in Github and consider this draft ready for publication.
>> 
>> If you have any last minute comments, please share them on this list by Monday 25 February 2019.
>> 
>> Christine and Tara (chairs)
>> 
>> 
> 
> 
> --
> Using Opera's mail client: http://www.opera.com/mail/
> 

Received on Sunday, 24 February 2019 18:20:00 UTC