On 11/7/12 4:43 PM, "Ryan Sleevi" <sleevi@google.com<mailto:sleevi@google.com>> wrote:
I appreciate you pointing out that "pre-provisioned device key" is
effectively identical (regarding security and tracking concerns) to a
"device serial number", since it may help participants better
understand the real privacy risks being proposed here.
[1] http://www.theverge.com/2012/3/25/2900787/apple-rejects-UDID-apps
[2] http://www.businessinsider.com/everything-we-know-about-ifa-and-tracking-in-apples-ios-6-2012-10
I think a certain perspective is being lost here.
Firstly, device finger-printing is already being used - by third-party cookies that users do not even know about, and by DRM clients that necessarily have to finger-print the device (flash cookies !!), among others. So, I do not understand why there is so much talk about privacy – particularly when the requirement is that the user grant permission to use that key. Mark is right – it is a user's choice. It is a necessary information for the service to be provided.
Mark is also right that privacy is a business issue, not a technology issue.