W3C home > Mailing lists > Public > public-tracking@w3.org > October 2011

Re: ISSUE-5: What is the definition of tracking?

From: David Wainberg <dwainberg@appnexus.com>
Date: Thu, 27 Oct 2011 15:30:59 -0400
Message-ID: <4EA9B173.2030206@appnexus.com>
To: Jonathan Mayer <jmayer@stanford.edu>
CC: Sean Harvey <sharvey@google.com>, "public-tracking@w3.org Group WG" <public-tracking@w3.org>
I don't find it excessively nitpicky. It's relevant. Please elaborate. 
It seems that somewhere the data has to be associated in some way with a 
distinct user.

On 10/27/11 1:14 PM, Jonathan Mayer wrote:
> Fragmented or probabilistic tracking data might not be stored with a 
> hash or other single identifier.  The privacy risk would, of course, 
> be the same.  (I don't mean to be excessively nitpicky - a few months 
> ago my team looked at a third party doing fingerprinting of just this 
> sort.)
>
> On Oct 27, 2011, at 9:02 AM, David Wainberg wrote:
>>
>>> On Oct 25, 2011, at 2:13 PM, David Wainberg wrote:
>>>
>>>>
>>>> On 10/24/11 8:18 PM, Jonathan Mayer wrote:
>>>>>
>>>>> I would strongly oppose limiting our definition of tracking to 
>>>>> only cover pseudonymously identified or personally identified 
>>>>> data.  There are a number of ways to track a user across websites 
>>>>> without a single pseudonymous or personal identifier.
>>>> I'm not sure what you mean here. Can you provide examples?
>>> Any means of tracking that relies on fragmented or probabilistic 
>>> information.  For example, browser fingerprinting.  (See Peter 
>>> Eckersley's paper "How Unique Is Your Web Browser.")
>> Ah. I would have included that in pseudonymously identified, because 
>> if data is stored against it by the server, it will be stored against 
>> a hash or something based on the fingerprint.
>
Received on Thursday, 27 October 2011 19:31:26 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:44:41 UTC