Re: ISSUE-5: What is the definition of tracking? from Jonathan Mayer on 2011-10-27 (public-tracking@w3.org from October 2011)

From: Jonathan Mayer <jmayer@stanford.edu>
Date: Thu, 27 Oct 2011 10:14:40 -0700
To: David Wainberg <dwainberg@appnexus.com>
Cc: Sean Harvey <sharvey@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-Id: <6BE8261B-3092-45F5-B218-F154D0BCE6F9@stanford.edu>

Fragmented or probabilistic tracking data might not be stored with a hash or other single identifier.  The privacy risk would, of course, be the same.  (I don't mean to be excessively nitpicky - a few months ago my team looked at a third party doing fingerprinting of just this sort.)

On Oct 27, 2011, at 9:02 AM, David Wainberg wrote:
> 
>> On Oct 25, 2011, at 2:13 PM, David Wainberg wrote:
>> 
>>> 
>>> On 10/24/11 8:18 PM, Jonathan Mayer wrote:
>>>> 
>>>> I would strongly oppose limiting our definition of tracking to only cover pseudonymously identified or personally identified data.  There are a number of ways to track a user across websites without a single pseudonymous or personal identifier.
>>> I'm not sure what you mean here. Can you provide examples?
>> Any means of tracking that relies on fragmented or probabilistic information.  For example, browser fingerprinting.  (See Peter Eckersley's paper "How Unique Is Your Web Browser.")
> Ah. I would have included that in pseudonymously identified, because if data is stored against it by the server, it will be stored against a hash or something based on the fingerprint.

Received on Thursday, 27 October 2011 17:15:18 UTC