[whatwg] RWD Heaven: if browsers reported device capabilities in a request header

Boris Zbarsky bzbarsky at MIT.EDU
Tue Feb 7 10:00:24 PST 2012


On 2/7/12 12:34 PM, David Goss wrote:
> On 7 February 2012 17:11,  Boris wrote:
>> This is a case of browser vendors (or at least me with my browser
>> implementor had on) thinking that sending this sort of information will
>> hurt their users' privacy...
>
> Sorry if I'm missing something obvious, but how? I don't think
> anyone's asking for the browser to send anything that can't be
> detected client-side and sent to the server anyway.

The idea is to prevent pervasive user tracking via fingerprinting.  It's 
actually easy to prevent client-side detection of some of these things; 
just turn off script execution for the relevant origins.

-Boris



More information about the whatwg mailing list