w3c/fingerprinting-guidance

What is browser fingerprinting and how should specification authors address it.

HTML

Issues

Predictive text and complete loss of privacy
#8 opened 8 years ago by noloader
3
Concrete examples re: features for responsive design
#56 opened 7 months ago by npdoty
0
Should include mention of ephemeral fingerprinting
#44 opened 4 years ago by JensenPaul
4
Mention (capability) negotiation?
#47 opened 3 years ago by samuelweiler
1
how should we consider cumulative impacts of additions to fingerprinting surface?
#54 opened 2 years ago by npdoty
0
"Availability", not "accessibility"
#48 opened 3 years ago by fredrika11y
0
use automatic publishing
#46 opened 4 years ago by samuelweiler
0
Should we recommend Client Hints as method for converting passive surfaces to active?
#42 opened 4 years ago by JensenPaul
1
Should we add a warning about entropy?
#40 opened 4 years ago by JensenPaul
1
Needs to recognise a broader set of stakeholders and concerns - focus on the harm not the method
#45 opened 4 years ago by jwrosewell
3
should we further mitigate threats of identifiers in local storage because some mechanisms won't clear all local storage?
#43 opened 4 years ago by npdoty
0
Clarify "Fingerprinting mitigation levels of success"
#41 opened 4 years ago by JensenPaul
0
Refine definition of fingerprinting to exclude entropy behind a prompt?
#20 opened 6 years ago by jasonanovak
2
Add "concealing mitigations" to mitigations
#38 opened 5 years ago by KOLANICH
1
Best practice style change
#37 opened 5 years ago by marcoscaceres
0
Best practices black background
#36 opened 5 years ago by marcoscaceres
5
backport minor changes
#33 opened 5 years ago by samuelweiler
0
move some hyperlinks to references?
#19 opened 5 years ago by samuelweiler
4
add reference to current privacy/security questionnaire
#29 opened 5 years ago by npdoty
0
Role of prompting as mitigation
#21 opened 5 years ago by jasonanovak
2
Fingerprinting through timing channels
#27 opened 5 years ago by pes10k
0
Explain how using a standard value has a side benefit - increasing the anonymity set.
#23 opened 5 years ago by jasonanovak
1
Example for Best Practice 2?
#22 opened 5 years ago by jasonanovak
2
add code example for fingerprint icon
#18 opened 5 years ago by samuelweiler
5
Move "why is Tor not enough" elsewhere
#17 opened 5 years ago by samuelweiler
0
Provide advice on whether this spec. exposes similar information
#15 opened 5 years ago by dwsinger
1
actionability through a decision tree or other
#13 opened 5 years ago by npdoty
6
cookie-like vs. active and passive categories
#12 opened 5 years ago by npdoty
4
providing hooks for instrumentation/detection of fingerprinting
#11 opened 5 years ago by npdoty
7
Reconcile TAG feedback
#9 opened 5 years ago by slightlyoff
2
additional existing fingerprinting vectors to mention
#7 opened 5 years ago by noloader
1
More specific examples/guidance
#6 opened 5 years ago by npdoty
4
"correlation" vs. "identification" vs. "linking"
#4 opened 5 years ago by npdoty
1
do we cover precision of measurements? (e.g. battery api)
#3 opened 5 years ago by npdoty
2
new paper citation for research section: Hiding in the Crowd
#16 opened 5 years ago by npdoty
0
Discuss impact of revealing hardware information to the web vis-a-vis entropy disclosed.
#26 opened 5 years ago by jasonanovak
2
Additional Example for Best Practice 5
#24 opened 5 years ago by jasonanovak
2
Document duplication of fingerprinting surface if it appears at multiple places
#28 opened 5 years ago by jumde
1
Reference INRIA’s Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale?
#25 opened 6 years ago by jasonanovak
1
title of the document should clarify mitigation
#5 opened 8 years ago by npdoty
4
add academic paper on persistent tracking in the wild
#2 opened 8 years ago by npdoty
2
3rd parties collusion and user tracking
#10 opened 8 years ago by noloader
1