Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

koen@win.tue.nl:
|I have been told by people who get paid to know that in Europe, it 
|is not rules and regulations which prevent companies from sharing 
|customer data (and it sure also is not the lack of technical means 
|to do it), it is the fear of being crucified by the mass media.

So information providers have an incentive to play on the level or
be soundly trounced in the PR arena for unethically sharing data, either 
the easy way using cookies or the hard way on a back-channel.

|We can't go and standardize mechanisms which increase the chance of
|browser vendors being crucified.

The other bound of that problem is that we can't withold translucent features 
(whose workings can be inspected by the user) that allow for webbed, widely-
distributed cooperating applications because malicious actors might abuse 
them.  And there are some non-European/American cultures (that I will 
never visit) where sharing data is not problematic and you can't chew gum.

Browser vendors that implement the enabling technology fully will have 
nothing to fear, but cannot be held responsible for the evil use of that 
value-neutral enabling technology by others.  The threat of public crucifixion 
is the best incentive mechanism to prod browser vendors into giving the user 
complete control of what data are sent out in their name, cookies or anything
else.

Browser vendors or information providers that spy or allow the technology
to hide spying on users probably deserve a public media execution,
whatever means they employ to spy.  Netscape is not dead even though their
SSL implementation was cracked on the international media.  That the media
were gathering the wood and nails forced N to fix the bug quickly, upgrade 
Navigator and prove the system can work.  

Such fits and starts, which accompany the rollout of any new technology, 
could strenghten the position of interpreneurs that take responsibility 
for their software and empower users as much as information providers.  
Peer pressure and the fear of lethal injection will make the internet 
safe for privacy applications, not the fear of the feature.

-marc

Received on Sunday, 16 June 1996 11:14:55 UTC