[ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188

To: ssc <ssc@strikenet.kicks-ass.net>
Subject: [ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188
From: Peter Eckersley <pde@eff.org>
Date: Thu, 12 May 2011 17:09:08 -0700
Cc: nns <nnsquad@nnsquad.org>, Dan Gillmor <dan@gillmor.com>

On Thu, May 12, 2011 at 04:38:06PM -0400, ssc wrote:
> But good tools exist, and as many using firefox know, you can quite
> cleanly surf, even if you allow some cookies. Cookie Safe, better
> Privacy, and Ghostery are all examples of fine work being done in this area.
> As the spies heat up, anti-spies get better, and without much trouble,
> you can be quite inconspicuous. I forsee this extending into the future
> ad infinitum.
>

I do not believe this is correct.  While Firefox extensions to detect trackers
exist, the technical arms race between trackers and privacy enhancing
technologies seems to be structurally skewed in favour of the trackers for a
few reasons:

1. The trackers pay many more salaries to programmers

2. A third party tracker only needs to find one effective tracking mechanism; the
   defenders need to prevent all of them.

3. Only a tiny minority of users are knowledgeable about the most recent
   tracking methods and the technical steps and tools that might be required
   to mitigate them.  A non-trivial percentage of people have finally heard
   the message from the 1990s about managing your cookies, but it turns out
   that's no longer enough.

Three examples of how this plays out in practice:

1. To my knowledge, no desktop browsers know how to clear even the best-known
supercookie types: http://samy.pl/evercookie/

2. We know we have no really practical defenses against fingerprinting (see
https://panopticlick.eff.org and
http://online.wsj.com/article/SB10001424052748704679204575646704100959546.html)
Unlike cookies, fingerprints do not need to be collected from a visible third party domain in
order to be an effective Web-wide tracking mechanism.

3. Trackers can and do use all of these dirty tricks in the real world:
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pdf

These problems appear to need policy rather than technical solutions.  That
was the reason we came round to supporting the idea of a Do Not Track header.

-- 
Peter Eckersley                            pde@eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

References:
- [ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188
  - From: Dan Gillmor <dan@gillmor.com>
- [ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188
  - From: ssc <ssc@strikenet.kicks-ass.net>

Prev by Date: [ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188
Next by Date: [ NNSquad ] Browser Privacy/Tracking/Cookies
Previous by thread: [ NNSquad ] Re: nnsquad Digest, Vol 5, Issue 188
Next by thread: [ NNSquad ] Facebook Embraces J. Edgar Hoover: Anti-Google Lie Campaign Revealed
Index(es):
- Date
- Thread