- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 27 Sep 2011 09:01:46 +0200
- To: Bjoern Hoehrmann <derhoermi@gmx.net>
- Cc: John Kemp <john@jkemp.net>, "www-tag@w3.org List" <www-tag@w3.org>
On 27 Sep 2011, at 03:44, Bjoern Hoehrmann wrote: > * John Kemp wrote: >> It is no wonder that people are shocked when they find out they are >> still being tracked by a site after they have clicked 'logout'! And it >> is perfectly possible for a site to effectively log the user out from >> that site with technology that exists today. > > Well, I am not sure it is quite that simple. Consider a Wikipedia editor > with a static IP address who has various conflicts with other editors. > He regularily signs out of his regular account and engages in conflicts > under his IP address in addition to his regular account in some abusive > way. Wikipedia policy allows in extreme cases a select group of users to > go through logs to check whether the user account and the IP address are > likely to be the same user so administrators can take steps to limit the > abusive behavior (they do this in addition to other things, like looking > for correlations in the use of language like typos "both users" make). > > This happens quite regularily, and it so happens that people who engange > in this kind of thing are often not clever enough to mask their trails, > often they fail to do as little as using separate browsers for each of > their identities. So there is often surprise when they are found out. In > this sense I do agree that people do not expect to be tracked after they > sign out (and possibly sign in into a different account instead of using > their IP address as Wikipedia identity), at least not through things in- > visible to them (obviously they do understand that "this account shows > up only when this other account has an argument and always supports the > other account" or whatever the behavior might be). > > Now, if there was a rule "no tracking after clicking logout" this would > not be possible as linking these data points together is "tracking". So, > is this a wrong thing to do? Is the scenario perhaps too specialized as > this is very manual with many safeguards, rather than automatic for all > people all the time? Is it very different because this is a first-party > setup while in the case that started this thread you often have a third- > party setup? It's not clear to me which first principles could set the > boundaries here with respect to what is okay and what is not. Come on! Seriously. There is always leakage of information in one way or another. Even if you remove cookies you still have ip address issues. You have the way people write. You have indicators such as non-overlaping times of writing. You have keystroke typing patterns. etc.... All of these can be used as circumstantial evidence for showing likely identity. Many of these could also be faked of course, and so things are tricky. This is detective work. But it's not a reason not to fix User Interface issues in the browser, which would make the browser put the user in control of session information. > >> Right - and if you care enough about both the site and the language, >> then you'd probably create an account and login to that account and use >> the language you want to on a per-site basis? > > (Personally, I work around requirements I don't find to be necessary.) > -- > Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de > Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de > 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ > Social Web Architect http://bblfish.net/
Received on Tuesday, 27 September 2011 07:02:20 UTC