- From: Henri Sivonen <notifications@github.com>
- Date: Tue, 10 Aug 2021 00:12:11 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 10 August 2021 07:12:23 UTC
@miketaylr > I don't know how realistically solve for passive fingerprinting in a conditional fashion at the HTTP layer. I suppose you could use a list of trackers (something like DuckDuckGo's or Disconnect's tracker lists) and modify behavior on that existing list. But sites can just create new domains and you have no idea if they're creating or sharing server-side fingerprints - how would the list ever be updated to keep up? Currently, conditional exposure of low vs. high entropy UA Client Hints is being proposed. Apart from the structuredness concern, what would be worse if the same mechanism controlled low vs. high entropy `User-Agent` value instead? (This should not be read as an endorsement of the proposed opt-in mechanism.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/640#issuecomment-895787120
Received on Tuesday, 10 August 2021 07:12:23 UTC