On Wed, Oct 1, 2014 at 11:27 PM, Kevin Wayne Williams
<kwwilliams(a)kwwilliams.com> wrote:
Focusing on what signature we can obtain from (or
plant on) the device and
how to make that signature available to and manageable by admins is the key.
I
used to do this for a living in the name of "credit card fraud
prevention". Not only is it a difficult problem, but it is also evil.
[snip]
In a space where we are actually arguing that there is a potential of
loss of life for exposed actors, I don't think that it is reasonable
at all to discuss ways to increase the risk of exposure by creating
and publishing (oh yeah, we are open source and open config for most
things here) a recipe for tracking users in a durable fashion based on
device fingerprints and other sticky token techniques.
Anybody that risks death by
editing Wikipedia is an idiot: no privacy
system is secure enough and no information is important enough to make
that a reasonable decision. Treating editing Wikipedia as some noble
effort that we must protect by at the cost of increasing the
vulnerability of the website is unreasonable.
There's no sacred right to privacy involved in editing the kind of
material found on Wikipedia. Recognizing that it is nothing more but a
repository of pop culture would allow us to prioritize protecting the
site over the imaginary right to privately edit articles about Disney
starlets.
KWW