fingerprinting deck from Brad Hill on 2017-06-22 (public-webappsec@w3.org from June 2017)

From: Brad Hill <hillbrad@gmail.com>
Date: Thu, 22 Jun 2017 17:00:51 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAEeYn8hDYN-kEyW_2hDZhZ+HtGvYWQ1gXCg5ZwJ8tWJb15wt=g@mail.gmail.com>

We discussed in yesterday's call fingerprinting vs. stateful tracking and I
made reference to a discussion deck on the topic I prepared for TPAC in
2012.

Here's the link I promised:

https://www.w3.org/wiki/images/7/7d/Is_preventing_browser_fingerprinting_a_lost_cause.pdf


Among many other observations, I should thank Andy Steingruebl for the
suggestion that preventing browser fingerprinting is actually an instance
of confining covert channels as described by Lampson in "A note on the
confinement problem" from 1973, which basically states that these channels
cannot be eliminated, only limited in their bandwidth through very careful
system construction.  It's been a very useful lens through which to view
the problem.

Here's a link I found to the paper text:
https://www.cs.utexas.edu/~shmat/courses/cs380s_fall09/lampson73.pdf

-Brad

Received on Thursday, 22 June 2017 17:01:36 UTC