Client Hints and Fingerprinting

Yoav Weiss <yoav@yoav.ws> Mon, 20 May 2019 07:38 UTC

From: Yoav Weiss <yoav@yoav.ws>
Date: Mon, 20 May 2019 09:34:54 +0200
Message-ID: <CACj=BEiF_4TSPqQi5BNfdgQRk=SwCMtt8-7zj3o5usSnNVf5Xw@mail.gmail.com>
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>, Ilya Grigorik <igrigorik@google.com>, Mike West <mkwst@google.com>, Tommy Pauly <tpauly@apple.com>, Patrick McManus <mcmanus@ducksong.com>
Archived-At: <https://www.w3.org/mid/CACj=BEiF_4TSPqQi5BNfdgQRk=SwCMtt8-7zj3o5usSnNVf5Xw@mail.gmail.com>

Hey folks,

During the HTTPWG meeting in Prague, there were claims that Client-Hints as
an infrastructure increases passive fingerprinting surface for browsers and
potentially other HTTP clients. I claimed that it is not the case, but we
didn't really reach resolution on the matter.

I tried to sum up both views on issue 786
<https://github.com/httpwg/http-extensions/issues/786>. Please chime in if
you have opinions on the matter. I'd like to verify that a) I captured the
concerns raised correctly and b) the mitigations indeed address them.

Thanks! :)
Yoav