- From: Marc Salomon <marc@pele.ckm.ucsf.edu>
- Date: Sat, 15 Jun 1996 11:44:09 -0700
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
koen@win.tue.nl wrote to snowhare@netimages.com: on emulating 1:n domain cookies...

|You will have to work more than just slightly harder. And after you
|deploy such a system, it will inevitably be discovered, and it will
|result in bad publicity not just for you but for the entire web. But
|at least this bad publicity won't involve stories about browser
|vendors and the IETF being on your side in the battle over privacy.

Putting on my political science hat, this is essentially a regulatory issue. Restricting the options for good actors because malicious actors might abuse functionality won't solve the problem. The market is not the solution for everything, but when it comes to the public relations consequences of vendors abusing privacy, it seems to work well. N.B. Netscape's quick reaction to Javascript privacy violations in Navigator 2.0.

If you require safety belts in all cars, and pass a law that requires drivers wear them, they choose not to and get into a wreck, then you are not responsible for that wreck. If a site collects login:passwd using basic authentication, promises to keep the data confidential and turns around and shares it, does that reflect on the IETF and its commitment to privacy?

If people disable 1:n domain cookie confirmation dialogues (with whois data for each domain), as required by some IETF draft, then caveat emptor as they take control of the situation, and the IETF is still on the side of privacy. Clearinghouses will spring up that serve lists of domains with a history of privacy abuses for those users who care to filter based on those criteria.

But sadly enough, at least here in the USA, the prevailing sentiment is that corporations are the overtaxed valiant innovators bringing us a world of choice, convenience and a job if we're lucky. Most people here couldn't care less what data are gathered and shared about them by corporations and probably see it as a feature.

As far as client-initiated cookies go, think of them as situationism in practice. A sort of .rc file that one can source for each persona or role one plays as they go through their day on the web. Metadata on all of Me. Preemptive scenario negotiation so you and the server can cut through the bull and get to a mutually beneficial spot in webspace and on your way.

This kind of functionality is essential to achieve a stateful dialogue you wrote about in an earlier version of this draft. This proposal as it currently stands specifies a server-controlled rote monologue.

-marc

Received on Saturday, 15 June 1996 11:52:28 UTC