- From: Fred Andrews <fredandw@live.com>
- Date: Fri, 14 Dec 2012 09:17:17 +0000
- To: Stan <stasson@orc.ru>
- Cc: "whatwg@lists.whatwg.org" <whatwg@lists.whatwg.org>
Hi Stan, > From: stasson@orc.ru ... > Subject: Re: [whatwg] API for unique identification of devices (mobile/tablet/pc) ... > First, I don't think it's convenient for users to register themselves > on many sites, which they visit occasionally. If most of the users do this right now, > it does not mean they are happy with this, this is bacause there is no other, > more simple way (as simple as just clicking on "remember me"). > > Second, user accounts are based on e-mails as a rule, which is not unique at all, > every user can have multiple e-mails and multiple registrations. Many web-services > struggle against users' reputation spoofing made via such fake accounts. A Device ID would not in general be unique either because it would be managed by the users browser software which could have features to change the ID, or open a window with a new ID, or export the ID, etc. It's not your computer so not your choice. > Third, I think it's up to a certain web-service design and requirements, if it > needs to identify user accounts or user devices. For example, usage of > the same profile on multiple devices can be a violation of a web-service > license agreement, or a web-service may bind several devices to the same > profile. Multiple browser profiles on the same device do not matter, because > the same device ID will be returned. Moving from one device to another, > or virtual devices - is just the same thing as having multiple devices considered > above. You could issue users with a controlled device that you own and under restrictive contractual terms and proxy authorization through this. Or perhaps limit service to devices with an ID that is not trivial for users to change. cheers Fred
Received on Friday, 14 December 2012 09:17:56 UTC