- From: Christine Runnegar <runnegar@isoc.org>
- Date: Tue, 5 Mar 2019 21:04:12 +0000
- To: Nick Doty <npdoty@ischool.berkeley.edu>
- CC: "Charles 'chaals' (McCathie) Nevile" <chaals@yandex.ru>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <F5DCEE90-FA7F-4B11-86FC-2E58A5DD0EDC@isoc.org>
Thank you Chaals for the feedback, and to Nick for the updates to accommodate that feedback. Again, let me thank everyone who has contributed to the development of this document. We will now proceed to publish the document as a Privacy Interest Group Note. We will notify the list when this is complete. Christine On 24Feb2019, at 10:22 AM, Nick Doty <npdoty@ischool.berkeley.edu<mailto:npdoty@ischool.berkeley.edu>> wrote: Thanks for the support and for the comments. I’ve made updates in commit https://github.com/w3c/fingerprinting-guidance/commit/35b417ed6fbd337971a396f499e886797768577d This clarifies the active fingerprinting definition to note that code executed on the client can gather information not just about the browser, but also the user, device and surrounding context, and I’ve updated the brief list of examples (now a separate paragraph, which I think makes it clearer) to include environmental sensors. The HTML5 reference URL was redirecting to 5.2 by default which had previously made me think everything was fine, but I’ve updated it to point explicitly to 5.2. Cheers, Nick On Feb 12, 2019, at 5:51 AM, Charles 'chaals' (McCathie) Nevile <chaals@yandex.ru<mailto:chaals@yandex.ru>> wrote: Nice work everyone. A couple of comments: There is a brief mention of using "environmental" fingerprinting (e.g. finding out where in the world you are by listening in, tracking location, etc), but it isn't covered at all in section 3.2 which only talks about active fingerprinting from information that exists with no environmental context. I think that's a major omission that should be fixed. The latest W3C Recommendation on HTML is actually HTML 5.2 - which contains a large number of improvements over the HTML 5.0 specification. If you link to a Rec, it should be that one. cheers Chaals On Tue, 12 Feb 2019 01:53:29 +0100, Christine Runnegar <runnegar@isoc.org<mailto:runnegar@isoc.org>> wrote: Dear PING, A very big thank you to Nick Doty for single-handedly leading the work on Mitigating Browser Fingerprinting in Web Specifications. The draft is here: https://w3c.github.io/fingerprinting-guidance/ Thank you also to everyone who provided input on the document at its various stages. As a reminder, this document is a draft Interest Group Note to provide best practices to Web specification authors on mitigating the privacy impacts of browser fingerprinting, developed by the Privacy Interest Group (PING). PING has collaborated with the Technical Architecture Group (TAG) on this guidance. Since the last version: the list of best practices has been expanded and made more specific; guidance has been provided on how to evaluate the severity of fingerprinting surface; and, additional references and examples have been provided. We have addressed the outstanding issues in Github and consider this draft ready for publication. If you have any last minute comments, please share them on this list by Monday 25 February 2019. Christine and Tara (chairs) -- Using Opera's mail client: http://www.opera.com/mail/
Received on Tuesday, 5 March 2019 21:04:40 UTC