Author: rransom
Date: 2011-04-26 15:02:34 +0000 (Tue, 26 Apr 2011)
New Revision: 24672

Modified:
   projects/articles/browser-privacy/W3CIdentity.tex
Log:
Fix some minor style issues
Modified: projects/articles/browser-privacy/W3CIdentity.tex =================================================================== --- projects/articles/browser-privacy/W3CIdentity.tex 2011-04-26 11:18:08 UTC (rev 24671) +++ projects/articles/browser-privacy/W3CIdentity.tex 2011-04-26 15:02:34 UTC (rev 24672) @@ -194,11 +194,12 @@ The Panopticlick project by the EFF provides us with exactly this metric\cite{panopticlick}. The researchers conducted a survey of volunteers who were asked to visit an experiment page that harvested many of the above -components. They then computed the Shannon Entropy of the resulting +components. They then computed the Shannon entropy of the resulting distribution of each of several key attributes to determine how many bits of identifying information each attribute provided.
-While not perfect\footnotemark, this metric allows us to prioritize effort at +While not perfect\footnotemark, this metric allows us to prioritize our efforts +on the components that have the most potential for linkability.
\footnotetext{In particular, the test does not take in all aspects of @@ -246,38 +247,40 @@ on a per-origin basis.
An early relevant example of this idea is SafeCache\cite{safecache}. -SafeCache seeks to reduce the ability for 3rd party content elements to use +SafeCache seeks to reduce the ability for third-party content elements to use the cache to store identifiers. It does this by limiting the scope of the -cache to the top-level origin in the url bar. This has the effect that +cache to the top-level origin in the URL bar. This has the effect that commonly sourced content elements are fetched and cached repeatedly, but this is the desired property. Each of these prevalent content elements can be crafted to include unique identifiers for each user, tracking users who attempt to avoid tracking by clearing cookies.
-The Mozilla development wiki describes an origin model cookie transmission -improvement written by Dan Witte\cite{thirdparty}. Dan describes a new +The Mozilla development wiki describes an origin model improvement for +cookie transmission +written by Dan Witte\cite{thirdparty}. Dan describes a new dual-keyed origin for cookies, so that cookies would only be transmitted if -they matched both the top level origin and the third party origin involved in +they matched both the top-level origin and the third-party origin involved in their creation. This approach would go a long way towards preventing implicit tracking across multiple websites, and has some interesting properties that make user interaction with content elements more explicitly tied to the current site. +% XXXX I can't tell what this paragraph is supposed to mean. --RR
Similarly, one could imagine this two level dual-keyed origin isolation being deployed to improve similar issues with DOM Storage and cryptographic tokens.
Making the origin model for browser identifiers more closely match user activity and user expectation has other advantages as well. With a clear -distinction between 3rd party and top-level cookies due to double-keying, the +distinction between third-party and top-level cookies due to double-keying, the privacy settings window could have a user-intuitive way of representing the -user's relationship with different origins, perhaps by using only the favicon +user's relationship with different origins, perhaps by using only the `favicon' of that top level origin to represent all of the browser state accumulated by that origin. The user could delete the entire set of browser state (cookies, cache, storage, cryptographic tokens) associated with a site simply by removing its favicon from their privacy info panel.
The problem with origin model improvement approaches is that individually, -they do not fully address the entire linkability problem unless the same +they do not fully address the linkability problem unless the same restriction is applied uniformly to all aspects of stored browser state, and all other linkability issues are dealt with. Behind-the-scenes partnerships can easily allow companies to continue to link users to their identities
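Review bot: In the first hunk (@@ -194,11 +194,12 @@), the second replacement is more than a style fix, and the log message should say so. The removed line ends at "prioritize effort at" with nothing following it before the \footnotetext, and the added lines supply a new object, "on the components that have the most potential for linkability." That completes a truncated sentence, which changes content, so the log could read something like "Fix some minor style issues and complete a truncated sentence" to make the change easy to find later. The "Shannon Entropy" to "Shannon entropy" change is fine as it stands.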
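Review bot: In the second hunk (@@ -246,38 +247,40 @@), the hyphenation fix is applied to only some occurrences, so the text ends up inconsistent. The cookie paragraph now reads "top-level origin" and "third-party origin", but the unchanged context lines still read "of that top level origin" and "this two level dual-keyed origin isolation"; those should be hyphenated in the same commit. Separately, the added comment "% XXXX I can't tell what this paragraph is supposed to mean. --RR" sits directly after the Dan Witte paragraph and directly before the "Similarly, one could imagine" paragraph, so it is unclear which one it questions. Naming the paragraph in the comment, or placing it immediately above the paragraph it refers to, would remove the ambiguity. The comment is also an open question rather than a style fix, which the log message does not mention.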