- From: David Booth <david@dbooth.org>
- Date: Mon, 30 Aug 2010 11:54:41 -0400
- To: Noah Mendelsohn <nrm@arcanedomain.com>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
On Mon, 2010-08-30 at 11:11 -0400, David Booth wrote:
> On Sun, 2010-08-29 at 16:35 -0400, Noah Mendelsohn wrote:
> > This article [1] suggests that at least some organizations are using Flash
> > client side storage to preserve and recreate browser cookies. Not quite
> > sure what this is pertinent to TAG work on client-side storage, but it's at
> > least worth noting.
> >
> > Noah
> >
> > [1]
> > http://arstechnica.com/tech-policy/news/2010/08/ad-firm-sued-for-allegedly-re-creating-deleted-cookies.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
>
> Wow, that's a *major* privacy violation and security hole. I'm
> surprised Adobe has not yet been sued about it, but perhaps the
> attorneys are going after the lower hanging fruit.
>
> And BTW, the whole idea of users having to use Adobe's web site to set
> the security controls on their own personal computer is completely
> absurd. That aspect in and of itself is totally broken and would seem
> to me to be grounds for a lawsuit regardless of the other issues.

FYI, there is also an interesting paper on the privacy threat of browser
fingerprinting based only on information that a web site can readily
obtain from the browser when the user visits the site:
https://panopticlick.eff.org/browser-uniqueness.pdf

[[
We observe that the distribution of our fingerprint contains at least
18.1 bits of entropy, meaning that if we pick a browser at random, at
best we expect that only one in 286,777 other browsers will share its
fingerprint. Among browsers that support Flash or Java, the situation is
worse, with the average browser carrying at least 18.8 bits of
identifying information. 94.2% of browsers with Flash or Java were
unique in our sample.
]]

An EFF project attempts to address this problem, and provides a link for
testing your browser:
https://panopticlick.eff.org/

--
David Booth, Ph.D.
Cleveland Clinic (contractor)
http://dbooth.org/

Opinions expressed herein are those of the author and do not necessarily
reflect those of Cleveland Clinic.

Received on Monday, 30 August 2010 15:55:13 UTC