- From: Rigo Wenning <rigo@w3.org>
- Date: Wed, 08 Feb 2012 10:37:27 +0100
- To: public-tracking@w3.org
- Cc: Jonathan Mayer <jmayer@stanford.edu>
On Tuesday 07 February 2012 16:30:32 Jonathan Mayer wrote: > The paper also finds that scrubbing the last octet from an IP address may do > little to mitigate tracking. >From a scientific point of view, this was already acquired as a fact in our discussions around P3P in 2001. I'm pretty sure that Matthias can find some paper from long time ago that already addresses this issue. This raises the question of how anonymous is anonymization. While being interesting from a scientific point of view, this may be dangerous for our considerations here as it will push us into the anonymity arms race. As this is a moving target, it is hard to lay down something in the specification. My suggestion would be that the group: 1/ Recognizes that just removing the last octet of an IP-address is NOT sufficient for anonymization or even pseudonymization. 2/ Discuss what is "good enough" for the risk we are trying to tackle, risk being one of the following: consumer protection and dangers for democracy (have to be made more concrete in the discussion) I don't think a burdensome re-identification of a single person like in a law enforcement scenario is our attacking scenario, but rather mass information processing to find opinions and predict and influence people in an undue and dangerous way or amass sufficient information that others could abuse the amassed information for undue and dangerous purposes. Best, Rigo
Received on Wednesday, 8 February 2012 09:40:09 UTC