W3C home > Mailing lists > Public > public-tracking@w3.org > October 2013

Further text associated with the change proposal on Unique Identifiers, issue-199

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Wed, 2 Oct 2013 13:43:30 +0100
To: <public-tracking@w3.org>
Cc: "'Geoff Gieron - AdTruth'" <ggieron@adtruth.com>, <jeff@democraticmedia.org>, "'Joseph Lorenzo Hall'" <joe@cdt.org>, "Alan Chapell" <achapell@chapellassociates.com>
Message-ID: <1f9101cebf6d$001a57f0$004f07d0$@baycloud.com>
Here is some additional text to underline that there should be no browser
fingerprinting when DNT:1.


I have slightly improved the definitions, added unique back to the
persistent identifier definition to make it clearer and more consistent to
how the term is used elsewhere in the spec. There is now a new line item 3
below the Third Party Compliance paragraph (non-permitted uses) that
requires no unique ids or fingerprinting when DNT:1.


A persistent unique identifier is an arbitrary value held in, or derived
from other data in, the user agent whose purpose is to identify the user
agent in subsequent transactions to a particular web domain. It may be
encoded for example as the name or value attribute of an HTTP cookie, as an
item in localStorage or recorded in some way in the cache. 


The duration of a persistent unique identifier is the maximum period of time
it will be retained in the user agent. This could be specified for example
using the Expires or Max-Age attributes of an HTTP cookie so that it is
automatically deleted by the user agent after the specified time period is


Browser fingerprinting is a method of tracking individuals based on creating
a persistent identifier from a set of other device specific information,
either inherent in a content request or stored within the user-agent and
accessed by executing rendered script. Such an identifier may not itself
need to be stored in the user-agent as it can be calculated again in
subsequent transactions, and so can have an arbitrarily long duration. 


Third Party Compliance.


3 . the third party MUST NOT create or use persistent unique identifiers,
either directly or derived using browser fingerprinting methods,  for the
purpose of collecting further information from this user or device. 


Received on Wednesday, 2 October 2013 12:44:07 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:19 UTC