- From: Koen Holtman <koen@win.tue.nl>
- Date: Sat, 15 Jun 1996 15:45:56 +0200 (MET DST)
- To: Benjamin Franz <snowhare@netimages.com>
- Cc: koen@win.tue.nl, marc@ckm.ucsf.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Benjamin Franz: > >I hate to rain on your parade - but you can't stop sharing of cookie info >across cooperating domains. At all. I am fully aware that there are numerous tricks which cooperating domains can use to share session info. I did not claim that the restriction to single-domain cookies in netscape cookies and in the state management draft is a good thing because it prevents all sharing. The restriction is a good thing because without it, there would be built-in cross-server tracking support in each browser, which is something users do not want. This is not about providing bullet-proof privacy protection, this is about the public's perception of whether their browser comes with standard built-in user tracking support. [...] >Basically - you can achieve nothing except making me work *slightly* >harder to share information with a cooperating domain. You will have to work more than just slightly harder. And after you deploy such a system, it will inevitably be discovered, and it will result in bad publicity not just for you but for the entire web. But at least this bad publicity won't involve stories about browser vendors and the IETF being on your side in the battle over privacy. Multi-domain cookies would be a browser vendor public relations disaster waiting to happen. You can't expect browser vendors to standardize on the state management draft if multi-domain cookies are added. >Benjamin Franz Koen.
Received on Saturday, 15 June 1996 06:50:16 UTC