[jedberg]

Many websites that make use of this fall outside the jurisdiction of the USA or EU.

It's better to make browsers unfingerprintable than trying to outlaw the practice.

[tgsovlerkhgsel]

Ad slots are often sold and resold through various exchanges, platforms and marketplaces. If each entity in this chain is liable if fingerprinting happens, then fingerprinting will quickly be just as toxic as other kinds of exploits and mostly disappear from the ecosystem.

For a site to be completely out of reach of the US/EU, all of the involved companies (site operator, fingerprinting provider, company paying for the advertising, ad network provider + the other middlemen involved in serving that ad) would have to have zero connection to the US/EU.

[zingplex]

Is there any reason that legislative and technical measures are mutually exclusive?

[jedberg]

No, but as a community we have limited resources, and it makes more sense to focus on the technical solution than the legislative, which is usually a long slow process and never gets done what you want after all the lobbyists get their hands in it.

[smichel17]

I think this is misguided/shortsighted. Politics can always trump technology -- see the rounds of anti-encryption bills currently making the rounds.

Consider what technical success looks like. How many nice things can't we have, if we need to worry about how they will be abused for fingerprinting?

Better to succeed politically and fail technically than the other way around.

[rhizome]

Then again as the saying goes, you can't use technology to fix a people problem.

[novok]

Also intelligence agencies are going to ignore whatever legislation you create.

[smichel17]

That doesn't sound like full political success.

[danielheath]

They use the financial systems in both these jurisdictions, and that’s enough access for both governments to regulate them.