W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Re: Issue:? Fingerprinting

From: Justin Brookman <jbrookman@cdt.org>
Date: Tue, 1 Oct 2013 14:26:46 -0400
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-Id: <FEA67D11-5F28-4A16-881F-0C1988C821A1@cdt.org>
To: Jeffrey Chester <jeff@democraticmedia.org>
I believe that digital fingerprinting is implicitly addressed in the standard, though not directly called our.  Third parties that receive a DNT:1 signal may only collect data elements that are reasonably necessary for the enumerated permitted uses.  That includes data elements that could be used to fingerprint a device.  Some companies may believe that they need to use fingerprinting-type techniques for fraud and security purposes even for DNT:1 users (though they would have to justify that under the standard).  But also keep in mind that much fingerprinting, as I understand it, is heavily dependent upon IP addresses, the use of which was envisioned for permitted uses even under the EFF/Moz/Stanford proposal.

However, if DNT is set at 0 or unset, the standard does not limit the use of fingerprinting, HTML5 cookies, drone surveillance, or anything else.

If I got any of this wrong, anyone, please feel free to correct me.

On Oct 1, 2013, at 1:49 PM, Jeffrey Chester <jeff@democraticmedia.org> wrote:

> I want to clarify that included in the spec are approp. definitions that address device fingerprinting.   DNT should cover device fingerprinting and related device/cross platform identification technologies and practices.
> 
> Is it already incorporated in an existing issue or text?
> 
> Jeff
> 
> 
> 
> 
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org
> www.digitalads.org
> 202-986-2220
> 
Received on Tuesday, 1 October 2013 18:27:17 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC