Re: [whatwg] API for unique identification of devices (mobile/tablet/pc) from Ian Hickson on 2012-12-14 (public-whatwg-archive@w3.org from December 2012)

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 14 Dec 2012 18:30:27 +0000 (UTC)
To: Stan <stasson@orc.ru>
Cc: whatwg@lists.whatwg.org
Message-ID: <Pine.LNX.4.64.1212141824400.12469@ps20323.dreamhostps.com>

On Fri, 14 Dec 2012, Stan wrote:
> 
> First, I don't think it's convenient for users to register themselves on 
> many sites, which they visit occasionally. If most of the users do this 
> right now, it does not mean they are happy with this, this is bacause 
> there is no other, more simple way (as simple as just clicking on 
> "remember me").

There are solutions to this problem, e.g. you can authenticate to a site 
using your Facebook identity using one or two clicks.

> Second, user accounts are based on e-mails as a rule, which is not 
> unique at all, every user can have multiple e-mails and multiple 
> registrations. Many web-services struggle against users' reputation 
> spoofing made via such fake accounts.

Users can have multiple devices and could tell their browser to provide a 
unique identifier with each page access, so a device ID API wouldn't stop 
or change this.

> Third, I think it's up to a certain web-service design and requirements, 
> if it needs to identify user accounts or user devices. For example, 
> usage of the same profile on multiple devices can be a violation of a 
> web-service license agreement, or a web-service may bind several devices 
> to the same profile.

Binding multiple devices to a profile is easy and done today, it doesn't 
require an identifier.

An identifier wouldn't help stop a user from using multiple devices with 
one site (not that such a restriction would even make sense in the first 
place), because there's no guarantee that the user agent isn't providing 
you with fake device identifiers.

> Multiple browser profiles on the same device do not matter, because the 
> same device ID will be returned.

What if the different profiles are for different people? Or different 
identities of the same person? (e.g. a woman's professional identity and 
a pseudonymous identity in an assault support group; or a man's identity 
that he uses for this extended family, and his identity that he uses when 
exploring his transexuality?)

> The main point, if device ID could be available it would provide more 
> great possibilities for users and web-services.

I don't understand what it would provide that would be better than the 
existing ability to use one's identity from an identity provider.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 14 December 2012 18:30:53 UTC