REAL-ID Phone Access Coming Soon
rysiek at hackerspace.pl
Tue Mar 3 16:45:15 PST 2015
On Tuesday, 3 March 2015 11:50:07 Cathal Garvey wrote:
> > Hold on there. These are two different beasts. DNT is "please don't
> > track me" and of course it won't work.
> In fact, it's worse. DNT, if set either way, is another pure bit of
> browser entropy; it actually *assists* certain forms of tracking,
> because it can be expected to remain invariant between visits of a given
Absolutely. However, I did use to give even more bits of entropy by setting my
UA String in a particular way:
Now I just need to start filing lawsuits, I guess. ;)
> This is just one of the things making me think the "web" needs a total
> re-boot to redesign for security from the boots-up. Servers shouldn't
> require user-agents to know how to treat visitors. Scripting is useful
> for a rich experience but should be more sand-boxable (ideally, scripts
> can be sandboxed to their position in the DOM tree!) and tightly
> permission'd. Canvas and other elements should behave deterministically;
> this should be part of browser test-suites. Browsers should be allowed
> cache fonts but not disclose to the server whether they have a font in
> their cache or not.
But look, HTTP/2.0 is coming! Oh, wait:
> DNT was another nail in the coffin. Either a browser can be tracked by
> design, or it can't.
Michał "rysiek" Woźniak
I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147