Improved Client Identification

Sanel Mesinovic <sanel.mesinovic@ymc.ch> Wed, 04 March 2015 19:15 UTC

Resent-Message-Id: <E1YTEjJ-00014T-Ro@frink.w3.org>
X-From_: sanel.mesinovic@ymc.ch Fri Feb 20 15:36:11 2015
X-Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <sanel.mesinovic@ymc.ch>) id 1YOpch-0000tJ-Dc for ietf-http-wg@listhub.w3.org; Fri, 20 Feb 2015 15:36:11 +0000
X-Received: from mail-la0-f42.google.com ([209.85.215.42]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <sanel.mesinovic@ymc.ch>) id 1YOpcg-0005uy-1S for ietf-http-wg@w3.org; Fri, 20 Feb 2015 15:36:11 +0000
X-Received: by labgq15 with SMTP id gq15so6872677lab.6 for <ietf-http-wg@w3.org>; Fri, 20 Feb 2015 07:35:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ymc.ch; s=google; h=mime-version:date:message-id:subject:from:to:content-type; bh=OZqXIN4dICserAah4tEv/3zLNYeL0ZuNiJY7dIeFMc4=; b=R6nSdCAwDXL5etcL5dVX8yAnBP06jFkWOUbBJDma6T7IRPbJFOeLpTtnGQaM/GSV+X DAi0UC7biP+mgTPDqjIJGyd9m14U/KgAbQCGC8k2Y2lkghATTQM+AsUI50jF1zwneTp9 Mb+azQES2QiGXv748WRC4iqGl+mLbpsrOWIFc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=OZqXIN4dICserAah4tEv/3zLNYeL0ZuNiJY7dIeFMc4=; b=XRQIfrWPrDDjEp2c5mvRbq9qEtD3l6LXGKrIuzxmNJ8J0aNpbb7fQBRG9+cESSAXaj ruiz7FqM1VrbGpmymhxXCL1e8MTaIke2d/M28COJUpx+U2lUOJDaM77sBZTDNbZmOCAE HhtApu24xdQWaDXJtmxhr14LX+538pDla4BAA84mZZy+5Qu9oyogkZHP8hAg9UDpRQ7D jgqa+nautio4zaQhhKE+ToEgKshVRSYAdIBb5YLbPBPfzuFM2SQcWYp0/9Fnth5tPSMN eiPDGhYBSzxAKYaTecIzcAHM6vlMvvvGTlamoWXjwXm9PiMiceJLXIdqhqRKN2uJKv+8 8Okw==
X-Gm-Message-State: ALoCoQmwMz6y2TDIFHLkPPcrMI1cJzpAW2Hvtr37zx76knKktXxzXeygikrdOjWVh9h4B054LG8X
MIME-Version: 1.0
X-Received: by 10.112.200.66 with SMTP id jq2mr8795124lbc.115.1424446542508; Fri, 20 Feb 2015 07:35:42 -0800 (PST)
X-Received: by 10.25.163.2 with HTTP; Fri, 20 Feb 2015 07:35:42 -0800 (PST)
Old-Date: Fri, 20 Feb 2015 16:35:42 +0100
Message-ID: <CADP4zhFON3u03kYfL2iYhhOoZ91LoLkcNamphFKniba2YdmugA@mail.gmail.com>
From: Sanel Mesinovic <sanel.mesinovic@ymc.ch>
To: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="001a11c37ace2b0d8e050f86ce35"
Received-SPF: permerror client-ip=209.85.215.42; envelope-from=sanel.mesinovic@ymc.ch; helo=mail-la0-f42.google.com
X-W3C-Hub-Spam-Status: No, score=2.3
X-W3C-Hub-Spam-Report: ADVANCE_FEE_3_NEW=3.053, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001
X-W3C-Scan-Sig: lisa.w3.org 1YOpcg-0005uy-1S f52018772b47eb926ed6b49a051a8720
Old-X-Envelope-To: ietf-http-wg
Date: Fri, 20 Feb 2015 15:36:14 +0000
ReSent-Date: Wed, 04 Mar 2015 14:13:06 -0500
ReSent-From: Yves Lafon <ylafon@w3.org>
ReSent-To: ietf-http-wg@w3.org
ReSent-Subject: [Moderator Action] Improved Client Identification
ReSent-User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
X-Original-To: ietf-http-wg@w3.org
Subject: Improved Client Identification
Archived-At: <http://www.w3.org/mid/CADP4zhFON3u03kYfL2iYhhOoZ91LoLkcNamphFKniba2YdmugA@mail.gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28884
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hello,

I found your email address here <https://httpwg.github.io/about/policies/>.
Have one small contribution / request to make to the new HTTP 2 protocol.
Already wrote an email long time ago to Tim Berners Lee however no reply.
Maybe someone already during this time already raised the issue.

In my opinion the new protocol should introduce a better way to uniquely
identify the client. Currently it is not possible to uniquely identify a
user. IP identification is not reliable. There can be two or more users
behind the same IP. Session identification is even worse.

There are many advantages of using better identification:

a.) web analytics could track unique visitors per time period much more
accurately
b.) tracking user activity in apps e.g. not allowing the same user to like
the page if he has already clicked the Like / Vote button
c.) law enforcement could much easier prove who was the culprit behind the
criminal activity
d.) other reasons

In my vision the protocol should allow the server side to ask or the client
side to send the system data to the server. There could be two scenarios:

1.) The server could specify that the browser must provide the UNIQUE DATA
2.) The client could send the UNIQUE DATA by using javascript.

The definition of what is UNIQUE DATA could be:

a.) hardware component serial numbers but it might be too invasive e.g. HDD
= *5QE0RCHD* , MAC address = *01:23:45:67:89:ab*
b.) an agreed hash over serial numbers of the hardware components e.g. MAC
+ HDD  e.g. MD5 / SHA1 => *bb137c684f8a89e77ad09c101ec07ade*
c.) other solution

The suggestion does not have to use HDD or MAC address. Could be a
combination of more or other hardware components.

The unique data transmitted to the server could be stored in a newly
defined Header of the HTTP2 protocol.

It would be the Browser's responsibility to get the system data, specify
the UNIQUE DATA and add it to the HTTP request.

Looking forward to hearing from you.

Best regards,

Sanel Mesinovic

-- 
Sanel Mesinovic
Software Engineer
YMC AG
Sonnenstrasse 4
8280 Kreuzlingen
Switzerland

Web http://www.ymc.ch/en/author/sanel-mesinovic

Improved Client Identification Sanel Mesinovic
Re: Improved Client Identification Andrew Mulholland
Re: Improved Client Identification Cory Benfield
Re: Improved Client Identification Chris Seal (HWEL - 3 Solutions - Technology Manager)