On Tuesday, 3 March 2015 11:50:07 Cathal Garvey wrote:
> > Hold on there. These are two different beasts. DNT is "please don't
> > track me" and of course it won't work.
>
> In fact, it's worse. DNT, if set either way, is another pure bit of
> browser entropy; it actually *assists* certain forms of tracking,
> because it can be expected to remain invariant between visits of a given
> browser/user.

Absolutely. However, I did use to give even more bits of entropy by setting my UA String in a particular way:
http://rys.io/en/56

Now I just need to start filing lawsuits, I guess. ;)

> This is just one of the things making me think the "web" needs a total
> re-boot to redesign for security from the boots-up. Servers shouldn't
> require user-agents to know how to treat visitors. Scripting is useful
> for a rich experience but should be more sand-boxable (ideally, scripts
> can be sandboxed to their position in the DOM tree!) and tightly
> permission'd. Canvas and other elements should behave deterministically;
> this should be part of browser test-suites. Browsers should be allowed
> to cache fonts but not disclose to the server whether they have a font in
> their cache or not.

But look, HTTP/2.0 is coming! Oh, wait:
https://queue.acm.org/detail.cfm?id=2716278

> DNT was another nail in the coffin. Either a browser can be tracked by
> design, or it can't.

+over9000

-- 
Regards,
Michał "rysiek" Woźniak

I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
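Added example, not part of the original message: a measurement of the point made in the thread, that the DNT header adds identifying entropy on top of the User-Agent string. The visitor population and header values below are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample: one (User-Agent, DNT) pair per visitor.
# DNT is "1", "0", or None when the header is not sent at all.
VISITORS = [
    ("Firefox/36.0", "1"),
    ("Firefox/36.0", None),
    ("Firefox/36.0", None),
    ("Firefox/36.0", "0"),
    ("Chrome/40.0", None),
    ("Chrome/40.0", None),
    ("Chrome/40.0", "1"),
    ("Chrome/40.0", None),
]


def entropy_bits(values):
    """Shannon entropy, in bits, of the observed value distribution."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def surprisal_bits(value, values):
    """Bits of identifying information revealed by one specific value."""
    return -math.log2(Counter(values)[value] / len(values))


def smallest_anonymity_set(values):
    """Size of the smallest group of visitors sharing the same value."""
    return min(Counter(values).values())


def compare(visitors):
    """Compare fingerprinting on User-Agent alone vs. User-Agent plus DNT."""
    ua_only = [ua for ua, _ in visitors]
    return {
        "ua_entropy": entropy_bits(ua_only),
        "ua_dnt_entropy": entropy_bits(visitors),
        "ua_min_set": smallest_anonymity_set(ua_only),
        "ua_dnt_min_set": smallest_anonymity_set(visitors),
    }


if __name__ == "__main__":
    for key, val in compare(VISITORS).items():
        print(f"{key}: {val:.3f}" if isinstance(val, float) else f"{key}: {val}")
```

In this sample the visitor who sends `DNT: 0` goes from sharing a value with three others to being unique, which is the effect described in the quoted text.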
