-
Notifications
You must be signed in to change notification settings - Fork 77
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #218 from miketaylr/issues/214/1
Fixes #214 - Add (non-normative) references to [[FINGERPRINTING-GUIDANCE]]
- Loading branch information
Showing
1 changed file
with
14 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ Former Editor: Mike West 56384, Google LLC, [email protected] | |
| Abstract: | ||
| This document defines a set of Client Hints that aim to provide developers with the ability to | ||
| perform agent-based content negotiation when necessary, while avoiding the historical baggage and | ||
| passive fingerprinting surface exposed by the venerable `User-Agent` header. | ||
| [=passive fingerprinting=] surface exposed by the venerable `User-Agent` header. | ||
| Indent: 4 | ||
| Default Biblio Status: current | ||
| Markup Shorthands: css off, markdown on | ||
|
|
@@ -48,6 +48,12 @@ urlPrefix: https://wicg.github.io/client-hints-infrastructure/ | |
| urlPrefix: https://tc39.es/ecma262/ | ||
| type: dfn | ||
| text: current realm; url: #current-realm | ||
| urlPrefix: https://w3c.github.io/fingerprinting-guidance/ | ||
| type: dfn | ||
| text: passive fingerprinting; url: #dfn-passive-fingerprinting | ||
| text: active fingerprinting; url: #dfn-active-fingerprinting | ||
| text: Best Practice 1; url: #avoid-passive-increases | ||
|
|
||
| </pre> | ||
| <pre class="biblio"> | ||
| { | ||
|
|
@@ -134,7 +140,8 @@ Client Hints ([[!RFC8942]]) that can provide the client's branding and version | |
| information, the underlying operating system's branding and major version, as well as details about | ||
| the underlying device. Rather than broadcasting this data to everyone, all the time, user agents can | ||
| make reasonable decisions about how to respond to given sites' requests for more granular data, | ||
| reducing the passive fingerprinting surface area exposed to the network. | ||
| reducing the [=passive fingerprinting=] surface area exposed to the network (see [=Best Practice 1=] | ||
| in [[FINGERPRINTING-GUIDANCE]]). | ||
|
|
||
| Examples {#examples} | ||
| -------- | ||
|
|
@@ -547,19 +554,19 @@ Delegation {#delegation} | |
|
|
||
| Client Hints will be delegated from top-level pages via Permissions Policy. This reduces the likelihood that [=user agent=] | ||
| information will be delivered along with subresource requests, which reduces the potential for | ||
| passive fingerprinting. | ||
| [=passive fingerprinting=]. | ||
|
|
||
| That delegation is defined as part of [=append client hints to request=]. | ||
|
|
||
| Fingerprinting {#fingerprinting} | ||
| -------------- | ||
|
|
||
| The primary goal of User Agent Client Hints is to reduce the default entropy | ||
| available to the network for passive fingerprinting. However, it will still be possible | ||
| for some, or all, hints to be requested and used for active fingerprinting purposes by | ||
| available to the network for [=passive fingerprinting=]. However, it will still be possible | ||
| for some, or all, hints to be requested and used for [=active fingerprinting=] purposes by | ||
| first or delegated third parties. As noted in [[#access]], [=User agents=] should consider | ||
| policies to restrict or reduce access to parties that are known to actively | ||
| fingerprint their users. | ||
| policies to restrict or reduce access to parties that are known to <a lt="active fingerprinting"> | ||
| actively fingerprint</a> their users. | ||
|
|
||
| Access Restrictions {#access} | ||
| ------------------- | ||
|
|
||