Discussion
Loading...
Post
@span neil Hmm "like device fingerprinting, where they involve storage or access"
My understanding is that normally device fingerprinting involves no "storage" on the device, just what the device already has/is.
@span revk which may be "access"
@span neil I may have to go re-read PECR, I thought it covered "access" of what you "stored", but as always, I may be wrong.
If it is indeed "access" to "any" information, then every single GET includes information from the device, such as the URL you are requesting, the referring page, etc, which the server "accesses", and would make every single web request come under PECR. So I am not sure it can be that wide and make any sense (LOL, assuming it makes sense).
@span revk @span neil so does the IP header 😁
@span revk It does not limit "access" to what one has "stored".
Fun game: if a server logs a browser user agent string, from an http request, has the provider thereby "accessed" information from the user's device, even though it was sent automatically? :)
@span neil @span revk Even worse: what if you log p0f results for the connection?
@span neil Out of interest, does it work both ways.
If I get a web page, I'm "accessing" information on the server. Does PECR apply to me?
1 more replies (not shown)
bonfire.cafe
A space for Bonfire maintainers and contributors to communicate
Automatic federation enabled