Hacker News new | past | comments | ask | show | jobs | submit login

How about: "Websites shouldn't do digital fingerprinting to intentionally circumvent incognito mode." Does this make sense to you as a legal argument?

And yes, this does mean that if it comes to litigation, a lot of this will depend not just on what you did but why you did it.

If you write analytics, unaware of incognito mode, you're probably okay.

If you write that same exact code because your boss comes in and says "shad, we're losing A LOT of user data to users in incognito mode. Could you do some kind of digital fingerprinting so we can still track them?" then you might be criminally liable for digital trespass -- you've intentionally bypassed my security mechanism.




That's the kind of feel-good law that ends up very unenforceable because it ignores technical reality. Not a fan.

If the exact same action does the exact same harm and is legal or illegal based on intent, enforcing that law is going to enrich a lot of lawyers but isn't going to practically rope in many company's behaviors.


That's not a proposal for a law. I'm not arguing about how the law ought to work. For better or worse, that's a description of how the legal system in the US works RIGHT NOW.

And yes, it does enrich a lot of lawyers.

Look up the CFAA cases, for a great set of example of how these laws can explode in this exact domain -- people charged with digital trespass who bypassed no or minimal technical measures. And it doesn't feel good either in most of those cases.

To be frank, though, if this gets applied to Google, it will feel pretty good.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: