Privacy/Reviews/Telemetry: Difference between revisions



{{Message|This section is incomplete until data storage on the client and server in the above sections is completed}}
=== Fingerprinting ===
Metrics that stay similar from day to day could be used to fingerprint an individual user and track them over time. Someone with consistent day-to-day browsing habits may show the same memory usage, speed, etc. The machine's attributes are also likely to affect the measurements taken, so a combination of browsing habits and machine attributes could form a fairly detailed "fingerprint".
''Required Action'':
To minimize fingerprinting risk, it is crucial to ensure that arbitrary web sites absolutely cannot access the telemetry data while it's stored on the client.  Additionally, the data should be transmitted from the Client Component to the Server Component over a secured (and preferably authenticated) channel; this means SSL/HTTPS must be used.
''Recommendation'': If possible, the SSL certificate fingerprint should be hard-coded into the client and verified before transmitting data, so the client can be sure that the server it is sending data to is indeed the Telemetry server (and not an attacker intercepting traffic).
'''Resolution'''
{{risk|Not Resolved. (not yet discussed)}}
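
One way to implement the fingerprint check recommended above, as an added example that is not part of the original review or of the Telemetry client. The function names, the sample bytes and the pin are constructed for illustration, and the SHA-256 digest of the DER-encoded certificate is assumed as the fingerprint format.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER certificate; a real client would ship only the pin.
SAMPLE_CERT_DER = b"constructed stand-in for DER certificate bytes"
PINNED_SHA256 = hashlib.sha256(SAMPLE_CERT_DER).hexdigest()


def normalize_fingerprint(fp: str) -> bytes:
    """Accept 'AA:BB:..' or 'aabb..' and return the raw 32-byte digest."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    raw = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin must be a SHA-256 fingerprint (32 bytes)")
    return raw


def cert_matches_pin(cert_der: bytes, pinned_fp: str) -> bool:
    """True only if SHA-256(cert_der) equals the pinned fingerprint."""
    if not cert_der:
        return False  # no certificate presented: never treat as a match
    actual = hashlib.sha256(cert_der).digest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_fp))


def submit_telemetry(host: str, port: int, pinned_fp: str, request: bytes) -> bool:
    """Open a TLS connection, verify the pin, and only then send `request`.

    Normal CA and hostname validation stay enabled; the pin is an extra check.
    Returns False, having sent nothing, when the certificate does not match.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert_der = tls.getpeercert(binary_form=True)
            if not cert_matches_pin(cert_der, pinned_fp):
                return False  # possible interception: close without sending
            tls.sendall(request)
            return True
```

Pinning the server's own certificate means a new pin has to reach clients before that certificate is renewed; accepting a small set of pins (current and next) avoids locking clients out.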


= Conformity to Private Browsing Mode =