- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Tue, 27 Sep 2011 03:44:07 +0200
- To: John Kemp <john@jkemp.net>
- Cc: "www-tag@w3.org List" <www-tag@w3.org>
* John Kemp wrote: >It is no wonder that people are shocked when they find out they are >still being tracked by a site after they have clicked 'logout'! And it >is perfectly possible for a site to effectively log the user out from >that site with technology that exists today. Well, I am not sure it is quite that simple. Consider a Wikipedia editor with a static IP address who has various conflicts with other editors. He regularily signs out of his regular account and engages in conflicts under his IP address in addition to his regular account in some abusive way. Wikipedia policy allows in extreme cases a select group of users to go through logs to check whether the user account and the IP address are likely to be the same user so administrators can take steps to limit the abusive behavior (they do this in addition to other things, like looking for correlations in the use of language like typos "both users" make). This happens quite regularily, and it so happens that people who engange in this kind of thing are often not clever enough to mask their trails, often they fail to do as little as using separate browsers for each of their identities. So there is often surprise when they are found out. In this sense I do agree that people do not expect to be tracked after they sign out (and possibly sign in into a different account instead of using their IP address as Wikipedia identity), at least not through things in- visible to them (obviously they do understand that "this account shows up only when this other account has an argument and always supports the other account" or whatever the behavior might be). Now, if there was a rule "no tracking after clicking logout" this would not be possible as linking these data points together is "tracking". So, is this a wrong thing to do? Is the scenario perhaps too specialized as this is very manual with many safeguards, rather than automatic for all people all the time? Is it very different because this is a first-party setup while in the case that started this thread you often have a third- party setup? It's not clear to me which first principles could set the boundaries here with respect to what is okay and what is not. >Right - and if you care enough about both the site and the language, >then you'd probably create an account and login to that account and use >the language you want to on a per-site basis? (Personally, I work around requirements I don't find to be necessary.) -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Tuesday, 27 September 2011 01:44:29 UTC