Re: DRAFT TAG feedback for fingerprinting

On Friday 2015-05-22 14:41 +1000, Mark Nottingham wrote:
> … based on our discussion this week is here:
> Feedback / issues / pulls appreciated. Nick, CC:ing FYI, but realise that this isn't final yet.

I'd like to see the opening make a stronger argument than falling
back on "reasonably strong consensus in the industry".  Perhaps,
though, that's feedback as to what the fingerprinting guidance
document could say rather than what the TAG feedback on it could

It's a little unclear to me exactly *what* is believed to be a lost
cause.  For example, is it:

 * fingerprinting in today's browsers for a typical user, or
   fingerprinting of a browser designed to mitigate fingerprinting
   (and, say, over TOR) and attempting to keep up with mitigating
   current fingerprinting techniques?  (Or fingerprinting in 2010's
   browsers, which is different given that a number of the sources
   of entropy in have
   been significantly reduced since then.)

 * putting users in small-ish buckets (e.g., laptop model + OS
   version + browser version) or identifying users down to the

If there are reasonably current data to cite that make the argument
that fingerprinting is a lost cause, I think that would be far
better than citing consensus.

Citing data also allows people who are interested in working on the
problem to compare their possible solutions to sources of entropy to
the magnitude of the problem.  (Some of the data I've seen seemed
somewhat unconvincing because I thought a significant portion of the
entropy could be avoided.)


𝄞   L. David Baron                  𝄂
𝄢   Mozilla                   𝄂
             Before I built a wall I'd ask to know
             What I was walling in or walling out,
             And to whom I was like to give offense.
               - Robert Frost, Mending Wall (1914)

Received on Saturday, 23 May 2015 04:16:30 UTC