- From: Wan-Teh Chang <wtc@google.com>
- Date: Thu, 8 Nov 2012 11:34:13 -0800
- To: Mark Watson <watsonm@netflix.com>
- Cc: Thomas Hardjono <hardjono@mit.edu>, Seetharama Rao Durbha <S.Durbha@cablelabs.com>, "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
On Thu, Nov 8, 2012 at 11:27 AM, Mark Watson <watsonm@netflix.com> wrote: > > My objective with the feature in question here is that the privacy > implications be no worse than (and hopefully better than) cookies > and web storage. One aspect in which the situation is better is > that users have very little idea what a site will use cookies and > web storage for when they give permission. Giving a site > permission to access an (origin-specific) device identifier is > arguably easier to understand. If I understand it correctly, the perceived problem with an origin-specific device identifier is that it is "read only" and cannot be deleted by the user. On the other hand, the user can effectively change the device identifier by getting a new device, whereas an (origin-specific) user identifier, such as my Yahoo Mail account and Amazon.com account, usually last much longer than the lifetime of a device. So it's not clear to me if a device identifier has more serious privacy issues. Wan-Teh
Received on Thursday, 8 November 2012 19:34:41 UTC