REAL-ID Phone Access Coming Soon

rysiek rysiek at hackerspace.pl
Tue Mar 3 16:45:15 PST 2015


Dnia wtorek, 3 marca 2015 11:50:07 Cathal Garvey pisze:
>  > Hold on there. These are two different beasts. DNT is "please don't
>  > track me" and of course it won't work.
> 
> In fact, it's worse. DNT, if set either way, is another pure bit of
> browser entropy; it actually *assists* certain forms of tracking,
> because it can be expected to remain invariant between visits of a given
> browser/user.

Absolutely. However, I did use to give even more bits of entropy bu setting my 
UA String in a particular way:
http://rys.io/en/56

Now I just need to start filing lawsuits, I guess. ;)

> This is just one of the things making me think the "web" needs a total
> re-boot to redesign for security from the boots-up. Servers shouldn't
> require user-agents to know how to treat visitors. Scripting is useful
> for a rich experience but should be more sand-boxable (ideally, scripts
> can be sandboxed to their position in the DOM tree!) and tightly
> permission'd. Canvas and other elements should behave deterministically;
> this should be part of browser test-suites. Browsers should be allowed
> cache fonts but not disclose to the server whether they have a font in
> their cache or not.

But look, HTTP/2.0 is comming! Oh, wait:
https://queue.acm.org/detail.cfm?id=2716278

> DNT was another nail in the coffin. Either a browser can be tracked by
> design, or it can't.

+over9000

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150304/b06a7e13/attachment-0003.sig>


More information about the cypherpunks mailing list