IRC log of fingerprint on 2012-10-31

Timestamps are in UTC.

13:18:46 [RRSAgent]
RRSAgent has joined #fingerprint
13:18:46 [RRSAgent]
logging to http://www.w3.org/2012/10/31-fingerprint-irc
13:18:50 [Zakim]
Zakim has joined #fingerprint
13:27:42 [wseltzer]
wseltzer has joined #fingerprint
13:27:59 [npdoty]
npdoty has joined #fingerprint
13:28:07 [npdoty]
rrsagent, make logs public
13:30:08 [KenjiBX]
KenjiBX has joined #fingerprint
13:31:07 [KenjiBX]
Present+ Kenji_Baheux
13:32:31 [caribou]
caribou has joined #fingerprint
13:33:38 [npdoty]
is someone available to scribe this session?
13:33:42 [bradee-oh]
bradee-oh has joined #fingerprint
13:33:46 [npdoty]
also, we better get started pretty soon here
13:34:46 [adambe]
adambe has joined #fingerprint
13:34:53 [npdoty]
bhill2: Brad Hill, one of the chairs of the Web App Sec Working Group
13:35:00 [dbaron]
dbaron has joined #fingerprint
13:35:02 [fluffy]
fluffy has joined #fingerprint
13:35:06 [annevk]
annevk has joined #fingerprint
13:35:18 [annevk]
RRSAgent, draft minutes
13:35:18 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html annevk
13:35:26 [annevk]
RRSAgent, make logs public
13:35:30 [martin]
martin has joined #fingerprint
13:35:30 [npdoty]
... a while back when taking our spec to CR, received some feedback that it was unacceptable from a privacy point of view because it was detectable from JS, would give away characteristics about the browser
13:35:34 [annevk]
scribe: Josh_Soref
13:35:38 [rigo]
rigo has joined #fingerprint
13:35:41 [annevk]
scribenick: annevk
13:35:52 [fwagner]
fwagner has joined #fingerprint
13:35:53 [hta]
hta has joined #fingerprint
13:36:03 [annevk]
bradh: there's a view that preventing fingerprinting is a lost cause
13:36:17 [annevk]
... and it quickly became apparent that there isn't such a consensus
13:36:25 [dbaron]
bradh: ... and that we should move to alternatives like do not track
13:36:30 [hsivonen]
hsivonen has joined #fingerprint
13:36:32 [anant]
anant has joined #fingerprint
13:36:32 [annevk]
... to look at some of the past
13:36:37 [annevk]
... what are we talking about
13:36:42 [annevk]
... we aren't talking about cookies
13:36:44 [tanvi]
tanvi has joined #fingerprint
13:36:51 [annevk]
... we're talking about passive detection
13:37:00 [annevk]
... panopticlick is the best example of this
13:37:06 [fjh_]
fjh_ has joined #fingerprint
13:37:13 [bradee-oh]
http://panopticlick.eff.org
13:37:14 [fjh_]
zakim, who is here?
13:37:14 [Zakim]
sorry, fjh_, I don't know what conference this is
13:37:15 [Zakim]
On IRC I see fjh_, tanvi, anant, hsivonen, hta, fwagner, rigo, martin, annevk, fluffy, dbaron, adambe, bradee-oh, caribou, KenjiBX, npdoty, wseltzer, Zakim, RRSAgent, bhill2
13:37:40 [annevk]
... there are 70/80 tests that can identify quirks about you
13:37:47 [bradee-oh]
http://browserspy.dk
13:37:50 [annevk]
... and academic projects that do microbenchmarks
13:37:57 [annevk]
... to identify memory+speed
13:38:12 [annevk]
... is this a problem we can solve
13:38:19 [annevk]
... there's a number of asymmetries here
13:38:33 [annevk]
... User constituency v. author constituency
13:38:37 [annevk]
... more users, fewer authors
13:38:43 [virginie_galindo_]
virginie_galindo_ has joined #fingerprint
13:38:43 [annevk]
... obligation to users
13:38:45 [npdoty]
I saw a project around the fingerprinting of graphics cards from using WebGL to render an image
13:38:51 [annevk]
... asymmetry to make progress
13:38:59 [annevk]
... how easy is it to undo that progress
13:39:05 [christine]
christine has joined #fingerprint
13:39:14 [fluffy]
http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf
13:39:15 [annevk]
... once characteristics are findable, it's easy to monetize
13:39:30 [dom]
dom has joined #fingerprint
13:39:32 [annevk]
... there's a paradox of user control/privacy
13:39:37 [annevk]
... opt in features to preserve privacy
13:39:43 [annevk]
... the act of turning them on makes them more unique
13:39:50 [Josh_Soref]
Josh_Soref has joined #fingerprint
13:39:58 [annevk]
... that makes them more unique
13:40:02 [annevk]
... there are ladders
13:40:02 [chong]
chong has joined #fingerprint
13:40:03 [npdoty]
q+ on some client-side fingerprinting being easier to detect/block in the browser
13:40:05 [annevk]
... how much bandwidth
13:40:10 [annevk]
... do these signals give
13:40:19 [Josh_Soref]
scribenick: Josh_Soref
13:40:22 [npdoty]
q+ on "profiles" or standard configurations
13:40:34 [Josh_Soref]
... within useragent, plugins,
13:40:38 [Josh_Soref]
... whitelist of noscript
13:40:38 [drogersuk]
drogersuk has joined #fingerprint
13:40:43 [wseltzer]
q+ to ask what threat models we're using
13:40:50 [Josh_Soref]
... user specific data inferable from application running in ua
13:41:03 [Josh_Soref]
... there are things we advertise deliberately
13:41:07 [Josh_Soref]
... apis for feature detection
13:41:11 [hober]
hober has joined #fingerprint
13:41:16 [Josh_Soref]
... browser is a code execution environment
13:41:20 [Josh_Soref]
... thousands of api points
13:41:22 [rsleevi]
rsleevi has joined #fingerprint
13:41:33 [Josh_Soref]
... paradox, public things
13:41:36 [Josh_Soref]
... major version of browser
13:41:40 [Josh_Soref]
... plus IP address
13:41:45 [Josh_Soref]
... = unique fingerprint
13:41:49 [Josh_Soref]
... where do we draw the line
13:41:58 [Josh_Soref]
... privacy impact of things that maintain state
13:42:03 [Josh_Soref]
... this is an IETF spec
13:42:05 [wei_]
wei_ has joined #fingerprint
13:42:05 [Josh_Soref]
... HSTS
13:42:12 [Josh_Soref]
... an HSTS super cookie
13:42:15 [Josh_Soref]
... of one bit
13:42:23 [Josh_Soref]
... think about explicitly as state
13:42:35 [Josh_Soref]
... how do we realistically draw these lines
13:42:40 [Josh_Soref]
... what's our adversary look like?
13:42:46 [kboudaou_]
kboudaou_ has joined #fingerprint
13:42:53 [Josh_Soref]
... an individual commercial site, trying to act w/ good intent
13:43:01 [Josh_Soref]
... allow things to work ok
13:43:08 [Josh_Soref]
... but commercial tracking sites
13:43:20 [Josh_Soref]
... have an incentive to de-anonymize
13:43:29 [Josh_Soref]
... then there are state-level actors
13:43:37 [Josh_Soref]
... different consequences for these cases
13:43:39 [martin]
martin has joined #fingerprint
13:43:51 [Josh_Soref]
... targeted ads. v. Syrian dissident
13:44:03 [Josh_Soref]
... WebAppsSec WG didn't agree w/ the UC threat
13:44:10 [Josh_Soref]
... we were presented w/ a bad actor
13:44:22 [Josh_Soref]
... but it ignored all existing ways bad actor could ask
13:44:30 [Josh_Soref]
... if you're going to ask WGs to consider these
13:44:37 [Josh_Soref]
... those kinds of norms matter
13:44:47 [burn]
burn has joined #fingerprint
13:44:52 [Josh_Soref]
... ietf has taken this on to some degree
13:45:00 [Josh_Soref]
... Presence protocols
13:45:04 [Josh_Soref]
... context matters
13:45:09 [Josh_Soref]
... when designing a "new" protocol
13:45:13 [Josh_Soref]
... we never really do that
13:45:20 [Josh_Soref]
... we have a high bandwidth high functionality
13:45:27 [Josh_Soref]
... this is very much like a Covert Channel
13:45:39 [Josh_Soref]
... Lampson's "Confinement Problem"
13:45:47 [Josh_Soref]
... we found it's difficult to minimize bandwidth
13:45:55 [Josh_Soref]
... even when it's an explicit design criteria
13:46:09 [Josh_Soref]
... we're trying to retroactively remove covert channels w/ 20+ years of history
13:46:17 [Josh_Soref]
... the Private User Agent CG was chartered
13:46:34 [Josh_Soref]
... not sure how approachable it is
13:46:40 [Josh_Soref]
... there's also DNT effort
13:46:49 [Josh_Soref]
... deal with it at Layer 9
13:46:57 [Josh_Soref]
... commerce, agreements, policy, regulation
13:47:01 [Josh_Soref]
... there's Incognito
13:47:11 [Josh_Soref]
... this is more where the adversary is your Mom
13:47:19 [Josh_Soref]
... there are UAs
13:47:32 [Josh_Soref]
... designed to avoid selective fingerprint
13:47:41 [drogersuk]
selective minuting on the "mom" problem there josh ;-)
13:47:44 [Josh_Soref]
... there's an approach to create a standard fingerprint
13:47:55 [Josh_Soref]
... NSA using an out of date Firefox UA
13:47:59 [wseltzer]
[Torbutton design document: https://www.torproject.org/torbutton/en/design/#adversary]
13:48:02 [Josh_Soref]
[ slide of feedback from twitter ]
13:48:18 [npdoty]
"it's impossible, we should try anyway" "the bread and butter of the security community"
13:48:50 [bradee-oh]
http://www.techpolicy.com/Blog/Featured-Blog-Post/Users-Cannot-Win-in-a-Tech-Race-with-Advertisers-A.aspx
13:49:40 [Josh_Soref]
bradh: distinction between passive and active
13:49:49 [Josh_Soref]
... i'll open the floor
13:49:49 [npdoty]
q?
13:49:50 [Josh_Soref]
Topic: Feedback
13:49:57 [Josh_Soref]
RRSAgent, draft minutes
13:49:57 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html Josh_Soref
13:49:58 [bhill2]
q?
13:49:59 [npdoty]
ack npdoty
13:49:59 [Zakim]
npdoty, you wanted to comment on some client-side fingerprinting being easier to detect/block in the browser and to comment on "profiles" or standard configurations
13:50:10 [drogersuk]
q+
13:50:20 [bblfish]
bblfish has joined #fingerprint
13:50:24 [Josh_Soref]
npdoty: thanks bradh
13:50:35 [Josh_Soref]
... i want to follow up on a couple of points
13:50:45 [Josh_Soref]
... distinction you're pointing out re: active v. passive
13:51:05 [Josh_Soref]
... it's relatively easy to detect when a web page is trying to access all of my fonts
13:51:09 [Josh_Soref]
... a browser could clamp down on that
13:51:19 [Josh_Soref]
... but when we add an identifiable header
13:51:23 [Josh_Soref]
... they're hard to detect
13:51:30 [Josh_Soref]
... and very easy to use for fingerprint
13:51:36 [Josh_Soref]
... maybe we can make a substantial difference
13:51:40 [Josh_Soref]
... i like standardized configurations
13:51:45 [Josh_Soref]
... i've heard the move to mobile browsers
13:51:52 [Josh_Soref]
... standardized screen sizes
13:51:57 [Josh_Soref]
... updated browsers
13:52:11 [Josh_Soref]
... have actually reversed the distinguishability bits
13:52:13 [Josh_Soref]
... on DNT
13:52:15 [dbaron]
q+
13:52:20 [Josh_Soref]
... rather than engaging in an Arms RAce
13:52:23 [Josh_Soref]
s/RAce/Race/
13:52:30 [Josh_Soref]
... DNT allows for a cooperative solution
13:52:41 [Josh_Soref]
... it's explicitly focused on Cooperative
13:52:46 [Josh_Soref]
... we understand there are attackers who won't
13:52:52 [bblfish]
q+
13:52:56 [Josh_Soref]
... that's why i think it's worth pursuing
13:53:05 [Dewa]
Dewa has joined #fingerprint
13:53:05 [npdoty]
ack wseltzer
13:53:05 [Zakim]
wseltzer, you wanted to ask what threat models we're using
13:53:26 [Josh_Soref]
wseltzer: i wanted to go a bit further into questions
13:53:29 [Josh_Soref]
... the threat model
13:53:33 [Josh_Soref]
... and the user we're trying to defend
13:53:41 [Josh_Soref]
... a user who is taking steps to protect privacy
13:53:49 [Josh_Soref]
... could be aided by extra features for privacy
13:53:50 [dom]
q+ to ask to hear from non-privacy advocates
13:53:59 [Josh_Soref]
... even if passive user is exposing too much data to protect
13:54:02 [annevk]
FWIW, the way I approached this problem was by tackling small things. Removing Accept-Charset, removing bits from User-Agent, making the format of Accept-Encoding more normalized across browsers, etc. There's a lot of bits unfortunately :/
13:54:17 [Josh_Soref]
... users vary from passive user, to incognito, to Tor in a dedicated VM
13:54:20 [Josh_Soref]
... i'm interested in
13:54:40 [Josh_Soref]
ack drogersuk
13:54:43 [Josh_Soref]
drogersuk: great presentation
13:54:54 [bblfish]
q-
13:54:57 [Josh_Soref]
... i agree on threat models
13:55:02 [Josh_Soref]
... in Web Crypto, and DAP
13:55:12 [Josh_Soref]
... everyone avoids the difficult questions around where's the threat from
13:55:15 [Josh_Soref]
... and risk quantification
13:55:21 [fwagner]
is the great presentation somewhere available ?
13:55:31 [Josh_Soref]
... if user is taking technical measures
13:55:40 [Josh_Soref]
... it's a different user than child browsing internet
13:55:53 [Josh_Soref]
bradh: even users interested in anonymity and privacy
13:55:54 [lstorset]
lstorset has joined #fingerprint
13:55:58 [Josh_Soref]
... needs a browser that works
13:56:04 [Josh_Soref]
... you could take the NSA route
13:56:14 [Josh_Soref]
... "used to browse the web w/ JS off"
13:56:19 [Josh_Soref]
... but that makes the web unusable
13:56:25 [Josh_Soref]
... how do we keep moving?
13:56:33 [Josh_Soref]
... create a profile that tries to hide things
13:56:38 [Josh_Soref]
... but have that profile move forward
13:56:41 [Josh_Soref]
q?
13:56:45 [Josh_Soref]
ack dbaron
13:56:54 [npdoty]
does the profile need to be static? or does a rotating and updating profile actually help as a defense?
13:57:05 [Josh_Soref]
dbaron: after speaking to various groups
13:57:11 [Josh_Soref]
... i don't think we can solve this from a technical perspective
13:57:15 [Josh_Soref]
... not even w/ fancy new tech
13:57:18 [Josh_Soref]
... w/ tech from a long time
13:57:23 [Josh_Soref]
... http-cache, redirect, cookies
13:57:36 [Josh_Soref]
... give huge opportunities for tracking users
13:57:48 [tlr]
tlr has joined #fingerprint
13:57:51 [tlr]
q?
13:57:59 [Josh_Soref]
dbaron: go into a room asking about fingerprinting users
13:58:00 [rigo]
q+
13:58:03 [Josh_Soref]
... they'll come up w/ more things
13:58:11 [Josh_Soref]
... if we want to fix it for really privacy concerned users
13:58:25 [Josh_Soref]
... but i can't think of how to do it w/o significant degradation to UX
13:58:32 [fjh]
q+
13:58:35 [Josh_Soref]
bradh: so, is it a lost cause that spec authors shouldn't consider?
13:58:36 [wseltzer]
q+ to ask can we ID the features, so a user can choose privacy even at the cost of breakage?
13:58:37 [tlr]
I think active tracking has become part of the architecture.
13:58:48 [Josh_Soref]
dbaron: the first casual category is relevant and worth considering
13:59:01 [Josh_Soref]
... i don't think there's a realistic approach for serious attackers and average users
13:59:02 [tlr]
(i.e., there's client-side state that can be written and read back)
13:59:02 [Josh_Soref]
acak dom
13:59:06 [Josh_Soref]
s/acak dom/
13:59:06 [tlr]
ack dom
13:59:06 [Zakim]
dom, you wanted to ask to hear from non-privacy advocates
13:59:15 [ekr]
ekr has joined #fingerprint
13:59:18 [ekr]
q+
13:59:19 [Josh_Soref]
dom: in many of the WGs i've been in, this question comes up, again and again
13:59:26 [Josh_Soref]
... the question comes back, do we need to care or not?
13:59:26 [fluffy]
q?
13:59:29 [bblfish]
q+
13:59:29 [npdoty]
it may be easy, but if it's SO easy, then we wouldn't make advances towards anonymity, and it seems like we occasionally do (clearing Flash LSOs)
13:59:33 [Josh_Soref]
... we've heard plenty of people who say "yes it matters"
13:59:41 [Josh_Soref]
... but the cost of making it happen is so high
13:59:45 [Josh_Soref]
... for the platform
13:59:50 [fluffy]
q+
13:59:53 [Josh_Soref]
... maybe we won't have an answer today
14:00:07 [Josh_Soref]
... what i'm hoping is we'll have a better understanding today, to how to go
14:00:09 [burn]
q+
14:00:13 [Josh_Soref]
... if the answer is, "it's complicated"
14:00:22 [Josh_Soref]
... i'd like to document various answers/things to consider
14:00:23 [christine]
q+
14:00:24 [Josh_Soref]
ack rigo
14:00:32 [Josh_Soref]
rigo: first of all
14:00:41 [Josh_Soref]
... when we talk about creativity of those fingerprinting
14:00:53 [Josh_Soref]
... we should talk about creativity of those trying to prevent fingerprinting
14:00:56 [Josh_Soref]
... we should actually
14:01:02 [Josh_Soref]
... the more info you expose, the better fingerprinting works
14:01:12 [Josh_Soref]
... the better fingerprinting adaptation works
14:01:23 [Josh_Soref]
... privacy in my European thread is
14:01:27 [Josh_Soref]
.. "is it really necessary"
14:01:32 [npdoty]
I'm not sure the privacy position here is "no bits of entropy are allowed in new specs"; just that we should balance the fingerprinting risk and not do so egregiously since we can do better or worse on this problem
14:01:33 [Josh_Soref]
s/../.../
14:01:47 [Josh_Soref]
... if it's necessary in the context, then that may justify the risk
14:01:58 [Josh_Soref]
... but i have some trouble w/ PeterXX's tool
14:02:03 [Josh_Soref]
... if i'm one in 126k
14:02:08 [Josh_Soref]
... v. 1 in 576k
14:02:24 [Josh_Soref]
... what is it hindering/doing
14:02:33 [Josh_Soref]
dom: every WG when they hear about Fingerprinting
14:02:37 [Josh_Soref]
... they say, yeah, let's think
14:02:43 [Josh_Soref]
... but then we can't do this/this/that
14:02:51 [Josh_Soref]
... the problem is calculating cost-benefit
14:02:53 [hsivonen]
q+
14:02:57 [Josh_Soref]
... if you ask WG, to think, they'll say yeah
14:03:02 [Josh_Soref]
... but we can't do anything
14:03:05 [npdoty]
dom, +1 on creating better metrics for calculating costs/benefits
14:03:09 [Josh_Soref]
rigo: WG puts its shoes of user
14:03:16 [Josh_Soref]
... because it wants to decide if exposing info is good or not
14:03:23 [Josh_Soref]
... after 8 years of privacy research
14:03:30 [Josh_Soref]
... some sites i want to expose full details
14:03:36 [Josh_Soref]
... but other sites, i'd like to expose less
14:03:41 [burn]
rigo, +1 on this being about trust
14:03:50 [Josh_Soref]
... ok consider risk
14:03:55 [Josh_Soref]
... ok lose functionality
14:03:58 [Josh_Soref]
... ok ask user
14:04:05 [bhill2]
q?
14:04:06 [Josh_Soref]
... that last one is a four letter word to browser vendors
14:04:08 [Josh_Soref]
ack fluffy
14:04:08 [fluffy]
q?
14:04:16 [bblfish]
agree with rigo
14:04:16 [tlr]
ack fjh
14:04:18 [Josh_Soref]
ack fjh
14:04:22 [Josh_Soref]
fjh: business driver
14:04:36 [Josh_Soref]
q+ fluffy(afterbblfish)
14:04:51 [Josh_Soref]
... solutions may not be available technically today
14:04:53 [Josh_Soref]
... but maybe tomorrow
14:05:02 [Josh_Soref]
... and regulatory may appear
14:05:10 [Josh_Soref]
... just saying you can't deal w/ it and discard isn't right
14:05:15 [Josh_Soref]
... but try to document things
14:05:22 [Josh_Soref]
... so at least you understand where things are at
14:05:28 [Josh_Soref]
... and legal/regulatory catches up
14:05:30 [Josh_Soref]
ack ekr
14:06:00 [Josh_Soref]
ekr: there's an interaction between security and non-security
14:06:11 [Josh_Soref]
... security says these are the unpleasant facts
14:06:21 [Josh_Soref]
... and non-security says "why can't you do better"?
14:06:27 [Josh_Soref]
... on WebGL fingerprinting, it's impossible
14:06:37 [Josh_Soref]
... or malware/software vulnerability
14:06:43 [Josh_Soref]
... attackers have way too much of an advantage
14:07:05 [Josh_Soref]
... you'd need to come up w/ a plausible solution to secure existing browsers
14:07:08 [npdoty]
I'm not sure I understand the analogy; we aren't always constantly suffering from malware even though it's a tough problem to solve entirely
14:07:16 [Josh_Soref]
... there's a line in the sand between active and passive
14:07:24 [Josh_Soref]
... new passive vectors need justification
14:07:30 [Josh_Soref]
... new active don't worry about
14:07:32 [Josh_Soref]
q?
14:07:32 [npdoty]
ack bblfish
14:07:35 [Josh_Soref]
ack bblfish
14:07:41 [Josh_Soref]
bblfish: agree w/ rigo
14:07:46 [Josh_Soref]
... from identity space
14:07:50 [wseltzer]
npdoty, but if the attacker can exploit security flaws, he can often win a super-fingerprint
14:07:50 [fjh]
specs should indicate the risks and fingerprinting threats even if no technical solution obvious as there is a technical and social dimension that should be understood
14:07:51 [Josh_Soref]
... transparency of identity to user
14:08:02 [Josh_Soref]
... safari - cert once, you never see you're sending it
14:08:14 [Josh_Soref]
... i think it should be clear in UI to show what identity you're sending
14:08:15 [fjh]
s/technical/legal, regulatory/
14:08:23 [Josh_Soref]
... color coding
14:08:35 [Josh_Soref]
... browser doesn't tell you that you're setting cookies
14:08:43 [Josh_Soref]
Josh_Soref: note that browsers once did show cookies
14:08:46 [Josh_Soref]
... and it failed miserably
14:08:49 [bradee-oh]
q?
14:08:55 [Josh_Soref]
bblfish: this is only solvable w/ ui designers
14:09:01 [Josh_Soref]
... and crypto people, etc
14:09:01 [fjh]
thus when the demand for a solution results in corresponding regulation/legal mechanisms it will make it clear where technologies are impacted
14:09:08 [Josh_Soref]
... aza raskin did some demos
14:09:11 [Josh_Soref]
... i want more transparency
14:09:17 [bhill2]
q?
14:09:21 [fjh]
so it is not a lost cause
14:09:21 [Josh_Soref]
ack fluffy
14:09:45 [Josh_Soref]
fluffy: i love the idea of having a mode
14:09:55 [Josh_Soref]
... where i could run a browser in a way where i could lose some functionality
14:09:56 [bblfish]
so that was relevant because it is feasible perhaps if you make it transparent what level you are in as a user
14:10:00 [Josh_Soref]
... but i have some functionality
14:10:05 [Josh_Soref]
... protect against script kiddie
14:10:08 [Josh_Soref]
... not against NSA
14:10:10 [Josh_Soref]
... how do we build it
14:10:15 [hhalpin]
hhalpin has joined #fingerprint
14:10:19 [Josh_Soref]
... minimal functionality against weakest attacks
14:10:30 [Josh_Soref]
... no one knows how to protect against timing attacks
14:10:35 [Josh_Soref]
... it's a long term research problem
14:10:45 [fjh]
I liked nick's point that a browser could disallow large scale info collection
14:10:47 [Josh_Soref]
... solve simplest attack against simplest cases
14:10:50 [Josh_Soref]
q?
14:10:55 [Josh_Soref]
ack burn
14:11:02 [Josh_Soref]
burn: as an individual user, i want privacy
14:11:08 [Josh_Soref]
... but i agree w/ rigo, issue here is trust
14:11:16 [Josh_Soref]
... if we want open web platform to be the platform for applications
14:11:22 [Josh_Soref]
... same as if downloading apps for platform
14:11:33 [Josh_Soref]
... for my phone, i get to look up information before i choose to download+install
14:11:38 [Josh_Soref]
... am i safe? no
14:11:46 [Josh_Soref]
... and once i install, it can fingerprint me completely
14:11:48 [npdoty]
can we be clearer about that attack, fluffy? do we know that it's being used frequently in the wild? is it the kind of attack that works over long periods of time? why do sites still use cookies if it's so trivial?
14:11:54 [Josh_Soref]
... but i made a trust distinction first
14:12:05 [Josh_Soref]
... i'm not sure how we do it
14:12:13 [Josh_Soref]
... i'd like to see a way to indicate your trust level in a web site
14:12:19 [Josh_Soref]
... i trust X not to be bad to me
14:12:20 [fjh]
one approach has been reputation management
14:12:24 [Josh_Soref]
... i don't trust the rest
14:12:36 [Josh_Soref]
... maybe the default is that i go through tor except for ones i trust
14:12:38 [rigo]
q?
14:12:49 [Josh_Soref]
... maybe i go through Tor for them
14:12:58 [Josh_Soref]
christine: i'm in IETF
14:13:00 [npdoty]
ack christine
14:13:07 [Josh_Soref]
... this is difficult
14:13:15 [Josh_Soref]
... i'd be very upset if the answer is "yes, it's a lost cause"
14:13:17 [npdoty]
s/in IETF/from the Internet Society, co-chair of the Privacy Interest Group/
14:13:19 [Josh_Soref]
... i don't think it's a lost cause
14:13:26 [Josh_Soref]
... we may not solve it completely today
14:14:16 [Josh_Soref]
... there's been a suggestion about developing a workshop
14:14:27 [bblfish]
my earlier point summarised was: that was ( agreeing with Rigo I think ) that the user should be able to see his privacy level ( there is not even something for cookies currently) - there should be a principle of transparency of identity in the browser. This could allow the browser to understand how much of such passive fingerprinting could be going on.
14:14:31 [Josh_Soref]
hsivonen: commenting on WGs deciding if it's worth it
14:14:32 [Josh_Soref]
ack hsivonen
14:14:38 [Josh_Soref]
... to decide if it's worth it
14:14:46 [Josh_Soref]
... to make tradeoff
14:14:49 [Josh_Soref]
... i think it's rather worthless
14:14:54 [Josh_Soref]
... even if we started from 0 bits
14:15:04 [Josh_Soref]
... after a few WGs decide they get to disclose a few bits
14:15:06 [npdoty]
there is a tragedy of the commons problem
14:15:11 [Josh_Soref]
... then at some point we reach "enough identifiable bits"
14:15:12 [KenjiBX_]
KenjiBX_ has joined #fingerprint
14:15:18 [Josh_Soref]
... at which point the next WG say "why bother"
14:15:26 [Josh_Soref]
... since each user is identifiable
14:15:31 [Josh_Soref]
... so they will just expose
14:15:44 [Josh_Soref]
... on the idea of using Tor for everything you don't trust
14:15:47 [Josh_Soref]
... who wants that UX?
14:15:58 [Josh_Soref]
... if you want to put some traffic through Tor to keep it separate from the browser
14:16:02 [rigo]
q?
14:16:05 [Josh_Soref]
... you need to put tor in a VM
14:16:10 [Josh_Soref]
... that's a shared VM image
14:16:16 [Josh_Soref]
... that everyone using Tor uses the same image
14:16:18 [caribou]
it's precisely because a WG said "why bother" that we are in this room
14:16:19 [Josh_Soref]
... and reset everything
14:16:26 [Josh_Soref]
... every few minutes
14:16:31 [Josh_Soref]
... you lose everything there
14:16:33 [Josh_Soref]
... no bookmarks
14:16:34 [dbaron]
or every cross-domain redirect
14:16:35 [Josh_Soref]
... and if you run JS
14:16:41 [wseltzer]
TAILS: https://tails.boum.org/ (Tor on a liveCD VM)
14:16:48 [Josh_Soref]
... potential attackers can see how fast your CPU is
14:16:54 [Josh_Soref]
... and see your screen size
14:17:00 [Josh_Soref]
... for the thing where you don't
14:17:04 [Josh_Soref]
... where attacker can't run JS
14:17:04 [burn]
q+
14:17:05 [dbaron]
or every cross domain link (anchor or embedding)
14:17:08 [Josh_Soref]
... it might not be futile
14:17:26 [Josh_Soref]
... so for everyone who tries to fingerprint may get caught
14:17:36 [Josh_Soref]
... if you get caught, it's possible to apply legal solutions
14:17:44 [Josh_Soref]
... but if you fingerprint through http headers
14:17:49 [Josh_Soref]
... and send back results
14:17:55 [Josh_Soref]
... there's no way to audit from outside
14:18:03 [Josh_Soref]
... i think it's futile to try to make JS non fingerprintable
14:18:15 [Josh_Soref]
... but it might make sense to make pure server side fingerprinting
14:18:22 [Josh_Soref]
... make sure there's a risk to get caught
14:18:27 [Josh_Soref]
... with social/legal consequences
14:18:29 [bblfish]
+1 sounds interesting
14:18:40 [Zakim]
wseltzer, you wanted to ask can we ID the features, so a user can choose privacy even at the cost of breakage?
14:18:43 [Josh_Soref]
... for cache attacks, you need keys by referer origin
14:18:50 [npdoty]
I think the detectable client-side fingerprinting also provides the possibility that a concerned user agent could detect or disable it in real-time
14:18:58 [Josh_Soref]
wseltzer: i wanted to make more concrete the privacy user UC
14:19:03 [Josh_Soref]
... tor provides a browser bundle
14:19:10 [Josh_Soref]
... with fingerprintable elements stripped out
14:19:13 [Josh_Soref]
... it's based on Firefox
14:19:18 [Josh_Soref]
... it's patched to remove features
14:19:20 [hhalpin]
q?
14:19:23 [hhalpin]
q+
14:19:28 [Josh_Soref]
... Tails liveCD is a VM to load the preconfigured browser+tor
14:19:36 [Josh_Soref]
... for users willing to accept a degraded experience
14:19:41 [Josh_Soref]
... not the rich web platform
14:19:50 [Josh_Soref]
... features depending on Flash Video, scripting
14:19:58 [Josh_Soref]
... but anonymous allowing them to post text to a blog
14:20:05 [Josh_Soref]
... i'm hardly suggesting it be made a default
14:20:11 [Josh_Soref]
... no rich video, no fonts, no user media
14:20:19 [Josh_Soref]
... but are there ways we could help Tor developers and others
14:20:25 [Josh_Soref]
... to make the anonymous experience
14:20:29 [Josh_Soref]
... and give users the experience?
14:20:40 [martin]
we're more likely to be informed by those people
14:20:41 [Josh_Soref]
... could it be recommended that the feature be disablable?
14:20:48 [rigo]
q?
14:20:52 [rigo]
q+
14:21:02 [Josh_Soref]
... rather than them having someone decide for them that the rich experience is too good to pass up
14:21:02 [rigo]
q-
14:21:14 [Josh_Soref]
ack burn
14:21:24 [Josh_Soref]
burn: this is more about the user be able to say
14:21:38 [Josh_Soref]
... there may be ways for specs to provide a way for untrusted sites to get something
14:21:47 [Josh_Soref]
... to avoid users getting a 0 experience in that case
14:21:52 [Josh_Soref]
ack hhalpin
14:22:00 [Josh_Soref]
hhalpin: a year ago at identity workshop
14:22:07 [Josh_Soref]
... the various anonymous browsing modes were brought up
14:22:15 [Josh_Soref]
... and their various weaknesses
14:22:26 [Josh_Soref]
... it might make sense to get anonymous surfing on browsers stronger
14:22:30 [Josh_Soref]
... i've used Tails
14:22:36 [Josh_Soref]
... but for many users, the cost is too high
14:22:51 [Josh_Soref]
bradh: sounds like we have a higher resolution definition of the problem set
14:22:56 [Josh_Soref]
... and questions that need to be dealt with
14:23:03 [Josh_Soref]
... if we want to ask spec authors
14:23:10 [Josh_Soref]
... realistic profiles of users, and threat models
14:23:15 [Josh_Soref]
... that's a lot of work to do
14:23:25 [Josh_Soref]
... hope people are passionate to make this possible
14:23:30 [Josh_Soref]
... i'll try to make the slides available
14:23:32 [Josh_Soref]
... thanks everyone
14:23:41 [Josh_Soref]
dom: who would think this is a lost cause?
14:23:49 [Josh_Soref]
fluffy: with current research?
14:23:51 [caribou]
does browsers' privacy mode change the browser's fingerprint?
14:24:12 [Josh_Soref]
dom: is the state of fingerprinting in the browser with the current state so bad, that making it is futile?
14:24:19 [Josh_Soref]
... who doesn't know?
14:24:27 [hta]
.... for the case where the attacker gets to run JS in your browser....
14:24:33 [Josh_Soref]
tlr: my question is, which question are you asking?
14:24:42 [Josh_Soref]
... hsivonen distinguished between active and passive
14:24:50 [Josh_Soref]
... they're lost/non-lost in different ways
14:25:06 [Josh_Soref]
... is the ability to store data on the client included/compartmentalized?
14:25:07 [hta]
q?
14:25:10 [hta]
q+
14:25:21 [Josh_Soref]
... there's a few questions here that depending on scope create different answers
14:25:22 [hta]
q-
14:25:26 [Josh_Soref]
dom: thanks for the discussion
14:25:30 [Josh_Soref]
... hope there's followup in PIG
14:25:38 [Josh_Soref]
bradh: thanks Josh_Soref for scribing
14:25:42 [Josh_Soref]
[ applause ]
14:25:49 [tanvi]
not sure if the rest of the people weren't answering, or don't think it's a lost cause.
14:26:01 [npdoty]
+1, suggest that we continue discussion in PING, as it sounds like there are some possible valuable work items related
14:26:19 [caribou]
tanvi: or not completely lost
14:26:27 [caribou]
s/tanvi:/ tanvi,
14:26:54 [caribou]
rrsagent, make minutes
14:26:54 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html caribou
14:26:56 [lstorset]
lstorset has left #fingerprint
14:27:07 [bhill2]
bhill2 has joined #fingerprint
14:27:11 [bhill2]
RRSAgent make minutes
14:27:26 [caribou]
already done, Brad
14:27:26 [bhill2]
RRSAgent, make minutes
14:27:26 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/10/31-fingerprint-minutes.html bhill2
14:27:31 [bhill2]
RRSAgent, set logs public visible
14:27:46 [fluffy]
fluffy has left #fingerprint
14:28:01 [caribou]
caribou has left #fingerprint
14:38:13 [rsleevi]
rsleevi has left #fingerprint
14:38:14 [rsleevi]
rsleevi has joined #fingerprint
14:38:16 [rsleevi]
rsleevi has left #fingerprint
14:43:46 [annevk]
annevk has left #fingerprint
14:44:45 [fwagner]
fwagner has joined #fingerprint
14:50:05 [anant]
anant has joined #fingerprint
15:00:21 [bhill2]
bhill2 has joined #fingerprint
15:01:07 [hta]
hta has joined #fingerprint
15:03:37 [fwagner]
fwagner has joined #fingerprint
15:03:51 [bradee-oh]
bradee-oh has joined #fingerprint
15:10:43 [burn]
burn has joined #fingerprint
15:10:49 [burn]
burn has left #fingerprint
15:15:26 [fjh]
fjh has joined #fingerprint
15:20:07 [drogersuk]
drogersuk has joined #fingerprint
16:03:19 [tanvi]
tanvi has joined #fingerprint
16:03:34 [tanvi1]
tanvi1 has joined #fingerprint
16:05:19 [tanvi2]
tanvi2 has joined #fingerprint
16:05:56 [tanvi2]
tanvi2 has joined #fingerprint
16:07:24 [hta]
hta has joined #fingerprint
16:08:02 [fwagner]
fwagner has joined #fingerprint
16:19:29 [Dewa]
Dewa has joined #fingerprint
16:31:51 [tlr]
tlr has joined #fingerprint
16:55:09 [Zakim]
Zakim has left #fingerprint
18:50:12 [hta]
hta has joined #fingerprint
20:26:34 [fjh]
fjh has joined #fingerprint