- From: Mark Nottingham <mnot@mnot.net>
- Date: Sat, 23 May 2015 14:45:11 +1000
- To: "L. David Baron" <dbaron@dbaron.org>
- Cc: Public TAG List <www-tag@w3.org>, Nick Doty <npdoty@w3.org>
> On 23 May 2015, at 2:16 pm, L. David Baron <dbaron@dbaron.org> wrote: > > On Friday 2015-05-22 14:41 +1000, Mark Nottingham wrote: >> … based on our discussion this week is here: >> https://github.com/w3ctag/spec-reviews/blob/master/2015/05/fingerprint.md >> >> Feedback / issues / pulls appreciated. Nick, CC:ing FYI, but realise that this isn't final yet. > > I'd like to see the opening make a stronger argument than falling > back on "reasonably strong consensus in the industry". Perhaps, > though, that's feedback as to what the fingerprinting guidance > document could say rather than what the TAG feedback on it could > say. Yep. I think we actually have a fair amount to work to do there; am going to start writing up a proposal for a Finding. > It's a little unclear to me exactly *what* is believed to be a lost > cause. For example, is it: > > * fingerprinting in today's browsers for a typical user, or > fingerprinting of a browser designed to mitigate fingerprinting > (and, say, over TOR) and attempting to keep up with mitigating > current fingerprinting techniques? (Or fingerprinting in 2010's > browsers, which is different given that a number of the sources > of entropy in https://wiki.mozilla.org/Fingerprinting#Data have > been significantly reduced since then.) > > * putting users in small-ish buckets (e.g., laptop model + OS > version + browser version) or identifying users down to the > individual? > > If there are reasonably current data to cite that make the argument > that fingerprinting is a lost cause, I think that would be far > better than citing consensus. > > Citing data also allows people who are interested in working on the > problem to compare their possible solutions to sources of entropy to > the magnitude of the problem. (Some of the data I've seen seemed > somewhat unconvincing because I thought a significant portion of the > entropy could be avoided.) All very good points. I don't want to rely on consensus in the Finding - just trying to reflect the TAG position for purposes of feedback. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Saturday, 23 May 2015 04:45:42 UTC