Re: ISSUE-5: What is the definition of tracking? from David Singer on 2011-10-28 (public-tracking@w3.org from October 2011)

From: David Singer <singer@apple.com>
Date: Fri, 28 Oct 2011 09:58:15 -0700
To: "public-tracking@w3.org Group WG" <public-tracking@w3.org>
Message-id: <F5B70B18-0530-411C-AA8C-333F4D40CD1D@apple.com>

On Oct 28, 2011, at 2:11 , Jonathan Mayer wrote:

> Here's an illustrative hypothetical.  Suppose, for each page it's embedded on, a third party logs a bunch of browser features (e.g. user agent, plugins, screen dimensions, etc.) plus the page URL.  And suppose the third party makes no attempt to pseudonymously identify users.  The third party suffers a data breach, and malcontents apply trivial fingerprinting algorithms to the data to reconstruct pseudonymous user browsing histories.
> 
> Note that the third party did not hold pseudonymously identified browsing histories - it held pseudonymously identifiable browsing histories.  But that still gives rise to real privacy risks.
> 

By my definition, since it remembered state that was tied to a single transaction (yours), it was tracking you.  Relying on anonymization is like relying on the number 28 bus arriving on time :-(


David Singer
Multimedia and Software Standards, Apple Inc.

Received on Friday, 28 October 2011 16:58:50 UTC