draft-ietf-http-state-mgmt-03.txt

The "security considerations" section of the draft does not include
any text regarding privacy concerns.

Here's some suggested text:

PRIVACY CONCERNS:

The protocol described in this draft can be used to keep track of the
browsing habits of a user without the user's knowledge or permission.
Many people consider this to be an unethical invasion of privacy.

Any HTTP client implementing this protocol MUST provide at least three
options for the user:
	1) disable cookies entirely.
	2) ask the user before setting a cookie.
	3) set cookies without asking the user.

The default "out of the box" behavior of the client MUST NOT be #3.

Any HTTP client should provide a way for the user to know which
cookies are associated with a given page.

Received on Wednesday, 31 July 1996 15:43:18 UTC
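
One way a client could implement the three options and the per-page cookie listing suggested above. This is an added example, not part of the original message or the draft. `CookieMode`, `UserChoicePolicy`, `receive` and `cookies_for_page` are hypothetical names built on Python's `http.cookiejar`, and the Set-Cookie headers fed to it are constructed.

```python
import email.message
import enum
import urllib.request
from http.cookiejar import CookieJar, DefaultCookiePolicy

class CookieMode(enum.Enum):
    DISABLED = 1  # option 1: disable cookies entirely
    ASK = 2       # option 2: ask the user before setting a cookie
    ACCEPT = 3    # option 3: set cookies without asking the user

class UserChoicePolicy(DefaultCookiePolicy):
    """Hypothetical policy: the three user options layered on the stdlib checks."""
    def __init__(self, mode=CookieMode.ASK, ask=None):  # default is never option 3
        super().__init__()
        self.mode = mode
        # No prompt handler wired up means "user said no", not silent acceptance.
        self.ask = ask or (lambda cookie, request: False)

    def set_ok(self, cookie, request):
        if self.mode is CookieMode.DISABLED or not super().set_ok(cookie, request):
            return False
        return self.mode is CookieMode.ACCEPT or bool(self.ask(cookie, request))

    def return_ok(self, cookie, request):
        return self.mode is not CookieMode.DISABLED and super().return_ok(cookie, request)

class _Response:
    """Constructed stand-in for an HTTP response carrying Set-Cookie headers."""
    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message appends, so repeats are kept
    def info(self):
        return self._headers

def receive(jar, url, set_cookie_values):
    """Feed constructed Set-Cookie headers for `url` through the jar's policy."""
    jar.extract_cookies(_Response(set_cookie_values), urllib.request.Request(url))

def cookies_for_page(jar, policy, url):
    """Names of stored cookies the client would send back to `url`."""
    req = urllib.request.Request(url)
    return sorted(c.name for c in jar
                  if policy.domain_return_ok(c.domain, req)
                  and policy.path_return_ok(c.path, req)
                  and policy.return_ok(c, req))
```

The `ask` callback is where a real client would raise its prompt; `cookies_for_page` backs the "which cookies are associated with this page" view.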