W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996


From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Wed, 31 Jul 1996 18:37:42 -0400
Message-Id: <199607312237.AA269872667@otter.hpl.hp.com>
To: dmk@bell-labs.com, montulli@netscape.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1174
The "security considerations" section of the draft does not include
any text regarding privacy concerns.

Here's some suggested text:


The protocol described in this draft can be used to keep track of the
browsing habits of a user without the user's knowledge or permission.
Many people consider this to be an unethical invasion of privacy.

Any HTTP client implementing this protocol MUST provide at least three
options for the user:
	1) disable cookies entirely.
	2) ask the user before setting a cookie.
	3) set cookies without asking the user.

The default "out of the box" behavior of the client MUST NOT be #3.

Any HTTP client should provide a way for the user to know which
cookies are associated with a given page.
Received on Wednesday, 31 July 1996 15:43:18 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:17 UTC