- From: Watson Ladd <watsonbladd@gmail.com>
- Date: Thu, 8 Jun 2023 21:41:43 -0700
- To: Martin Thomson <mt@lowentropy.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Jun 8, 2023, 4:29 PM Martin Thomson <mt@lowentropy.net> wrote: > > I am a staunch opponent of the use of consent for this sort of thing. Notice, perhaps, I might be able to get behind. > > To manage risk of destroying potential audit trails, it seems like it would be reasonable for browsers to ignore the signal if the site took actions that might result in permanent effects (like downloads of malware, use of powerful features that do require consent, that sort of thing). The browser might retain *less* information, and create warnings if it does, but accountability is important. We have consent with good reason for a camera usage but letting that make a site get recorded would mean a domestic violence hotline couldn't offer a video chat with a therapist with this feature. I can't claim to have the answers for that one but that's just one feature and example, and I don't know we can give terribly good guidance here. I think browser vendors will have to use their best judgement on the tradeoffs and UX to explain them, at the cost of the header meaning slightly different things across browsers. Sincerely, Watson Ladd
Received on Friday, 9 June 2023 04:41:59 UTC