On Tuesday, 3 March 2015 11:50:07 Cathal Garvey wrote:
Hold on there. These are two different beasts. DNT is "please don't
track me" and of course it won't work.
In fact, it's worse. DNT, if set either way, is another pure bit of
browser entropy; it actually *assists* certain forms of tracking,
because it can be expected to remain invariant between visits of a given
browser/user.
Absolutely. However, I did use to give even more bits of entropy by setting my
UA String in a particular way:
http://rys.io/en/56
Now I just need to start filing lawsuits, I guess. ;)
This is just one of the things making me think the "web" needs a total
re-boot to redesign for security from the boots-up. Servers shouldn't
require user-agents to know how to treat visitors. Scripting is useful
for a rich experience but should be more sand-boxable (ideally, scripts
can be sandboxed to their position in the DOM tree!) and tightly
permission'd. Canvas and other elements should behave deterministically;
this should be part of browser test-suites. Browsers should be allowed
cache fonts but not disclose to the server whether they have a font in
their cache or not.
But look, HTTP/2.0 is coming! Oh, wait:
https://queue.acm.org/detail.cfm?id=2716278
DNT was another nail in the coffin. Either a browser can be tracked by
design, or it can't.
+over9000