Re: Proposed Resolution / Consensus for Monday's call. from David Singer on 2017-08-28 (public-tracking@w3.org from August 2017)

From: David Singer <singer@mac.com>
Date: Mon, 28 Aug 2017 08:06:24 -0700
To: "Matthias Schunter (Intel Corporation)" <mts-std@schunter.org>
Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <3AE60610-058F-4B95-B1C2-82F3D634E4AE@mac.com>

> On Aug 25, 2017, at 7:30 , Matthias Schunter (Intel Corporation) <mts-std@schunter.org> wrote:
> 
> Dear TPWG,
> 
> 
> I had a quick chat with Mike. Our proposal is to:
> (a) rollback the editors draft to our original consensus

Can you state what you think that consensus was (i.e. which consensus?)

> (b) suggest to add an implementation recommendation that helps
> mitigating the fingerprinting risk: By limiting the number of
> site-specific UGE that a domain can store, we also limit the capability
> to fingerprint.

I don’t get it. The fingerprinting risk comes from a single site that stores subtly different exceptions with different users. How can we even detect, let alone enforce against, this happening?

> 
> Below are more detailed notes.
> 
> Any comments and feedback are welcome!
> 
> Note that we are aware that anyone (including sub-resources) can store
> web-wide exceptions. I suggest to see how the adoption evolves and then
> browsers can determine whether additional checks and balances may be needed.
> 
> 
> Regards,
> matthias
> 
> 
> ------------------8<---
> 
> Original (still valid) consensus:
> - 1st party and third parties
>  - can ask for web-wide and site-specific UGE
>  - both for the script origin only
> 
> Current editors draft:
> - 1st party
>  - can ask for web-wide and targeted UGE
>  - both for the script origin only
> - third parties
>  - can ask (only) for site-specific UGE
>  - web-wide is not allowed
> 
> Shortcomings of the current draft:
> - site-specific UGE poses fingerprinting risk (Mike)
> - web-wide for sub-element are needed for
>  consent portal (Shane)
> 
> Proposed modifications of the editors draft:
> - Back to original consensus (to address Shane's usage)
>  - 1st party and third parties
>   - can ask for web-wide and site-specific UGE
>   - both for the script origin only
> - Mitigate fingerprinting risk by NOTE that suggests
>     that browsers may limit the number of stored site-specific
>     exceptions per top-level domain.
> 
> Assessment of proposed consensus:
> + A compliance portal (e.g. google) can now register web-wide UGE for
> same party domains (e.g. youtube).
> + The limited number of site-specific user-granted exceptions can
> minimize fingerprinting risk
> - If web-wide user-granted exceptions are mis-used, additional checks
> and balances may be needed in the future.
> 

Dave Singer

singer@mac.com

Received on Monday, 28 August 2017 15:06:55 UTC