In other words, developers of web apps who want to know certain difficult-to-fake facts about a client's browser would not be able to rely on WEI with holdback (by design) and would be obliged to implement all the same invasive techniques they use now -- but now only to apply them to 5-10% of users. So it doesn't save developers any time.

Does it help users? It doesn't seem like it, for two reasons. Firstly, while it's nice to know that there's only a 1 in 20 chance that my browser will be fingerprinted on a given site, that means that if I browse for any reasonable length of time and visit enough sites I will certainly be fingerprinted, and my information shared with whatever ad networks the site is using. Secondly, if developers are going to implement browser fingerprinting anyway, why not just apply it to everyone as an extra signal? Sites don't take heat for fingerprinting users now, so why would they care?
In summary, the holdback idea seems to be at odds with the rest of the proposal, and the only reason it sounds attractive is that it nullifies the whole thing.