Link to https://w3c.github.io/fingerprinting-guidance/ for passive entropy references #214

Closed
miketaylr opened this issue Mar 17, 2021 · 7 comments · Fixed by #218

@miketaylr
Collaborator

See #200 (comment).

@jwrosewell

The document linked in the title of this issue does not address the concerns raised in the original comment concerning the justification for the proposal. Only those references from the linked document that provide evidence of actual harm in practice can be used to justify the proposal and address the original comment. I would hope we can agree theoretical harm is not the same as actual harm.

Consider the X-Client-Data example. Chrome transmits to a whitelist of Google owned domains an HTTP header named X-Client-Data. This is described by Google here. The value could be used for identification purposes when combined with other available values. Therefore theoretical harm exists. This theoretical harm has been addressed by Google using a document that describes how the information is used.

The same principles exist elsewhere. A web site operator must in their privacy policy describe any identifiers, including probabilistic identifiers. Theoretical harm is similarly addressed. The proposal made no attempt to consider similar remedies that involve professions other than engineering, such as the law. This issue provides an opportunity to address that with evidence and a clear explanation as to why other remedies do not apply in this situation.

@miketaylr
Collaborator Author

> The document linked in the title of this issue does not address the concerns raised in the original comment concerning the justification for the proposal.

If you can file a new issue (or @ronancremin, it seems the both of you shared similar concerns) to discuss that concern, that would be appreciated, especially since that concern came up in an unrelated issue.

This issue is just a task issue for me to add some hyperlinks, so I'd prefer it stay a simple task. Thanks!

@miketaylr
Collaborator Author

(I can also file an issue, but going to be OOO for a few days)

@ronancremin

Done: #215

@jyasskin
Member

This spec should cite https://w3c.github.io/fingerprinting-guidance/#avoid-passive-increases in particular, which explains why passive entropy is worse than active: "Passive fingerprinting allows for easier and widely-available identification, without opportunities for external detection or control by users or third parties."

@jwrosewell

@jyasskin Thanks for pointing to the section on the theoretical harm. Is there any evidence of actual harm that can be pointed to for issue #215?

@jyasskin
Member

I'll keep this as a task issue, as @miketaylr requested, but answer on #215.

miketaylr added a commit that referenced this issue Mar 25, 2021
Fixes #214 - Add (non-normative) references to [[FINGERPRINTING-GUIDANCE]]