Re: Slower HTTP for privacy

It sounds like what you want is Client Hints (
https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints).

On Mon, Jan 30, 2023 at 10:48 AM Soni L. <fakedme+http@gmail.com> wrote:

>
>
> On 1/30/23 04:44, Fabian Keil wrote:
> > "Soni L." <fakedme+http@gmail.com> wrote on 2023-01-29 at 11:45:53:
> >
> > > It would be appreciated if there were a slower HTTP, with more round
> > > trips, explicitly designed with privacy negotiation in mind.
> > >
> > > Importantly, you can't leak data which you do not have. The best way
> to
> > > not have that data is to not receive it.
> > >
> > > Why does a server need to accept user agents and a bunch of other
> > > unnecessary stuff if it isn't gonna use it? Doesn't it just make the
> > > server more liable for no good reason? Make it possible to turn it
> off!
> > > Most of it can just be turned off.
> > >
> > > In fact, the simplest servers (static hosting) only really need the
> URL
> > > and the Host. Everything else is unnecessary liability.
> >
> > It's not exactly what you ask for, but Privoxy [0] has a
> > delay-response{} response action [1] that is somewhat related.
> >
> > Fabian
> >
> > [0] <https://www.privoxy.org/>
> > [1] <
> https://www.privoxy.org/user-manual/actions-file.html#DELAY-RESPONSE>
> It's not at all what we ask for! Uh, we mean like, why does the HTTP
> server have to parse and discard the User-Agent header and another 10 or
> so headers which it has no use for, instead of just... not receiving
> those headers in the first place?
>
> Why can't the client send URL and Host, then wait for the server to send
> a Headers Required message, then send the required headers (which may be
> none)? Yes, it takes longer (more RTTs), but the best way to improve
> privacy is to not have the data in the first place.
>
>