TPAC/2012/session-fingerprint


14:30 - 15:20, Rhone 3

As more features and functionality are added to the Web browser, we create more risks in terms of privacy and security. As user agents grow more complex and expose more "native" variation in the underlying platform, they become easier to identify uniquely (and their users easier to track) through capability analysis.

The EFF's Panopticlick project already tracks ~60 bits of identifying information available in the typical user agent, and a more determined effort could certainly find more, in addition to information available through lower-layer technologies like TCP or side channels like JavaScript performance profiling.

What responsibility do W3C WGs have to make their technologies passive-privacy friendly, and how is that to be balanced with discoverability and usability?

Topics:

Is preventing fingerprinting a lost cause in the general purpose web user agent?

Where is the bar on trackability?

Lessons from Do Not Track on technical vs. policy-driven approaches

Lessons from anonymous / incognito browser modes

Should specs provide standard defaults for anonymous / incognito / Tor browser modes?


People who have expressed interest: Dominique Hazael-Massieux, Wendy Seltzer, Stefan Hakansson, Nick Doty, Adam Bergkvist, Tobie Langel, Paul Bakaus