W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

RE: Unverifiable Transactions / Cookie draft

From: M. Hedlund <hedlund@best.com>
Date: Fri, 14 Mar 1997 01:54:15 -0800 (PST)
To: Yaron Goland <yarong@microsoft.com>
Cc: "'dmerriman@doubleclick.net'" <dmerriman@doubleclick.net>, http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.SGI.3.95.970314014636.390B-100000@shellx.best.com>

On Thu, 13 Mar 1997, Yaron Goland wrote:
> I would also point out that besides denying smaller sites revenue,
> preventing "unverifiable transactions" only puts a very small bump in
> the road of collecting user data. [...]
> User Privacy - 0
> Small Web Sites - 0

It is a misrepresentation to say that there is "0" gain in user privacy by
way of the unverifiable transaction limitation in the cookie RFC.  We would
not have wasted the extensive amount of time we spent on this issue for no
gain.  The specification as written provides reasonable protection for
users while trying to allow implementors flexibility in user interface
design.

I do agree that data sharing can be accomplished through other means than
shared cookies.  However, the concern of the state management subgroup was
crafting a specification that did not create _new_ privacy problems. 
Because there are other privacy issues on the Web does not mean that we
should throw up our hands and surrender in this specification.

M. Hedlund <hedlund@best.com>
Received on Friday, 14 March 1997 01:57:06 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT