
Advertisers get hands stuck inside HTML5 database cookie jar - Hagelin
http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars
======
SpikeGronim
There are so many ways to coerce a GUID out of a browser: single pixel images,
cache headers[1], etc. It's not feasible to implement disclosure control[2]
retroactively in web standards.

1\. <http://sourcefrog.net/projects/meantime/> 2\.
[http://groups.csail.mit.edu/mac/classes/6.805/articles/priva...](http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/sweeney-
thesis-draft.pdf)

------
jamesbritt
One thing that truly irks me about mobile browsers is that there is no way (as
far as I can tell) to trick them out with add-ons and Greasemonkey scripts to
make them behave as you prefer.

As a user I should be able to white- or black-list who can create databases on
my mobile device, but so far this kind of control is not possible with the
default browsers.

~~~
SpikeGronim
Even if you implemented these controls it wouldn't matter. The tracking
software would use other information channels available intrinsically in HTTP
to assign your browser a GUID.

~~~
jamesbritt
It's not as accurate and still subject to add-ons that munge HTTP headers.

