Re: A question about user tracking with QUIC
"Roy T. Fielding" <fielding@gbiv.com> Mon, 07 June 2021 19:42 UTC
Return-Path: <fielding@gbiv.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E69F73A0553 for <quic@ietfa.amsl.com>; Mon, 7 Jun 2021 12:42:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gbiv.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7kcQgNub0Do6 for <quic@ietfa.amsl.com>; Mon, 7 Jun 2021 12:42:50 -0700 (PDT)
Received: from crab.ash.relay.mailchannels.net (crab.ash.relay.mailchannels.net [23.83.222.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E0AB3A0542 for <quic@ietf.org>; Mon, 7 Jun 2021 12:42:48 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 899FF540C33; Mon, 7 Jun 2021 19:42:44 +0000 (UTC)
Received: from pdx1-sub0-mail-a78.g.dreamhost.com (100-96-17-41.trex.outbound.svc.cluster.local [100.96.17.41]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 21563541DEB; Mon, 7 Jun 2021 19:42:44 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|fielding@gbiv.com
Received: from pdx1-sub0-mail-a78.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.17.41 (trex/6.3.1); Mon, 07 Jun 2021 19:42:44 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|fielding@gbiv.com
X-MailChannels-Auth-Id: dreamhost
X-White-Tank: 050580bb793749b2_1623094964377_2512402914
X-MC-Loop-Signature: 1623094964377:2400247559
X-MC-Ingress-Time: 1623094964376
Received: from pdx1-sub0-mail-a78.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a78.g.dreamhost.com (Postfix) with ESMTP id B2DA38AEEA; Mon, 7 Jun 2021 12:42:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gbiv.com; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=gbiv.com; bh=Q5AzUEvbIcfkdXfMTyX9Esq5TXw=; b=SH6b/kWquusa2+5KUlVttVcqZtAj 33VziuyImG4m1pXrdO7luwSRvx/aAllGoh/AEb/mofA7TkbI3v1MsNsiti0v56E7 zmJHSYAmt++3vGMQOlyaVrKihbYHAzBO8y47sbM3E2QmJlmV95rkYMoOsMoanSFu cGkVrZJi2rCsv6g=
Received: from [192.168.1.19] (ip68-101-102-139.oc.oc.cox.net [68.101.102.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: fielding@gbiv.com) by pdx1-sub0-mail-a78.g.dreamhost.com (Postfix) with ESMTPSA id 9B3E07E450; Mon, 7 Jun 2021 12:42:41 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Subject: Re: A question about user tracking with QUIC
X-DH-BACKEND: pdx1-sub0-mail-a78
From: "Roy T. Fielding" <fielding@gbiv.com>
In-Reply-To: <20210607190027.GC5394@sources.org>
Date: Mon, 07 Jun 2021 12:42:40 -0700
Cc: IETF QUIC WG <quic@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7CE3F7FC-21C1-4519-AA60-A2FDFFC512EE@gbiv.com>
References: <20210607123854.GA16312@nic.fr> <CAC7UV9bkqOeCgDsCH+Hdq0v=zmRKNNDtpfiq6Ap_vzm5zUzGVg@mail.gmail.com> <CALGR9oZiUe5TyY3Tv432__GH=v+Lpv2EZah0G4ZD+g3E2FkaMg@mail.gmail.com> <20210607130422.GA27971@sources.org> <EE723B6D-7B6B-4B68-A4A1-F1809CF68F1B@gmail.com> <20210607142015.GA31240@sources.org> <C1B56269-0EF7-42EC-8824-70F7485807B2@gmail.com> <20210607190027.GC5394@sources.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/enDoX-vdolUycNqWITHOl3fTs8U>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 19:42:55 -0000
On Jun 7, 2021, at 12:00 PM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote: > > Any specific reference to such a discussion about privacy "against" > the server? I did not find any. There have been many discussions about session establishment and reestablishment. Too many to note. However, "user tracking" is not the term used when the same server remembers interactions with a single user. That's more typically referred to as analytics or sessions, not tracking. There is a relevant concern about multisite tracking on servers that present a certificate for multiple origins, but that applies to both H2 and H3 and only if the browser chooses to reuse the same session layer across multiple sites. Regardless, this is nothing compared to a browser's inherent tracking features that any origin server is capable of directing for the sake of tracking at the HTML/JS layer. There was a conscious decision, early on, that QUIC would not attempt to provide the same features as Tor (or any other sort of privacy broker). It is simply impossible for a protocol to do a better job at that without centralizing everything by default, which would then be a far greater danger to users than individual origin sessions. Using QUIC to communicate with a user-selected, private intermediary (like Tor) would be much better, I think, than trying to do the same with H1/TLS or H2/TLS. Or at least it will be once there is a large number of users using the same protocols. > (And having important discussions on a Microsoft platform not > controlled by the IETF is a bad idea, anyway, but I digress.) The IETF does not have the resources to provide a comparable issue tracking system, let alone one that manages PRs and version control for authors, while providing extensive search capabilities at the same time. It's a tool. ....Roy
- Re: A question about user tracking with QUIC Robin MARX
- A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Mikkel Fahnøe Jørgensen
- Re: A question about user tracking with QUIC Christian Huitema
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Stephane Bortzmeyer
- Re: A question about user tracking with QUIC Töma Gavrichenkov
- Re: A question about user tracking with QUIC Roy T. Fielding
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Spencer Dawkins at IETF
- Re: A question about user tracking with QUIC Christian Huitema
- Re: A question about user tracking with QUIC Lucas Pardue
- Re: A question about user tracking with QUIC Spencer Dawkins at IETF
- Re: A question about user tracking with QUIC Christian Huitema
- IETF hosting vs. Github Stephane Bortzmeyer
- Re: IETF hosting vs. Github Willy Tarreau
- Re: IETF hosting vs. Github Lars Eggert
- Re: IETF hosting vs. Github Willy Tarreau
- Re: A question about user tracking with QUIC Behcet Sarikaya
- Re: A question about user tracking with QUIC Roberto Peon
- Re: A question about user tracking with QUIC Mirja Kuehlewind
- Re: A question about user tracking with QUIC Mirja Kuehlewind