W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 2001

Re: lights are on, no one's in.

From: Jim Ley <jim@jibbering.com>
Date: Thu, 8 Nov 2001 10:45:03 -0000
Message-ID: <002601c16844$5b7147e0$ca969dc3@emedia.co.uk>
To: <w3c-wai-ig@w3.org>
"Kynn Bartlett":

> At 05:27 PM 11/7/2001 , Access Systems wrote:
> >On Wed, 7 Nov 2001, Kynn Bartlett wrote:
> >oh yes, lets help them break into our systems easier
> I'm sorry, I think you're a bit confused.  The CC/PP specification
> does nothing to help people "break into your systems easier"; it
> only provides for the ability to communicate whatever YOU feel is
> appropriate to a server, with the goal of that server being able to
> provide you a better user interface.

If the system is used by servers, then you have to provide information
otherwise you won't get accessible content - if you do get accessible
content despite not sending any CC/PP information - then the CC/PP
information is almost useless to everyone concerned, other than people
who like getting stats to justify only supporting a minority - as is the
current situation where lots of people justify creating IE only sites due
to its overwhelming dominance.

Content negotiation based on browsers or platforms or systems have shown
not to work, people already attempt it based on UA strings - there's
numerous examples of this technique failing - nowhere in the CC/PP drafts
that I can see have anything to address this problem.  We also need a
huge amount of user input into the system to actually specify what they
want  - users aren't used to this, and I can't see them getting motivated
to it, most aren't even motivated/informed enough to configure their
current browsers to their liking - I always get I wish I could ... - and
the answer is in their current browser.

> Such information should be covered by a P3P privacy policy,

Which is meaningless really - I can put whatever I want in a P3P privacy
policy doesn't mean I am reputable - and what about all the
caches/systems in between.

> Nothing in this makes you any more or less likely to have your
> system broken into,

Certainly not, but equally little of it is particularly relevant to a web

> especially not compared with the CURRENT system
> which is that for the most part, your browser already transmits
> a great deal of information about your system.

No it doesn't - it only lets out what I let it, those who have control
over such things can easily modify all of the information that is sent -
none of it should be essential to them getting accessible content - of
course the fact that many people do use the UA string means that many
browsers actually choose to send fake information aswell as letting their
users choose it.

> I probably know more from your email that would allow me to crack
> your system (if I were that type of person) than from a CC/PP
> profile.

Except of course almost all of the information you're relying can be
spoofed, and if someone is concerned about revealing such information
they would - remember the information is not required for the e-mail to
be send (except the IP address of course.) and there's no reason why
content should be accessible either.

> Let's not allow unfounded paranoid fears of computers getting cracked
> to dismiss what could be a very useful advance in the usability and
> accessibility of the web.

Please justify how that works, we have systems in place that let the
content work on any device - device independance getting silly settings
that encourage developers to concentrate their efforts on the limited
range of platforms/UA combinations that apear in their CC/PP settings
will do nothing for those users outside this - and we'll very quickly,
just as we have with UA strings get to the stage where lying is the only
way to some content.

Received on Thursday, 8 November 2001 05:59:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 13 October 2015 16:21:15 UTC