- From: Koen Holtman <koen@win.tue.nl>
- Date: Sat, 15 Jun 1996 23:07:53 +0200 (MET DST)
- To: Benjamin Franz <snowhare@netimages.com>
- Cc: koen@win.tue.nl, marc@ckm.ucsf.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Benjamin Franz:
>
>I think you are making a bad mistake. By enhancing the *perception* that
>"their browser comes with standard built-in user tracking support." is not
>a true statement - you set people up for behaving as if it *weren't* true.
>But actually - it *is* true.

Nope. The true statement would be:

Warning: though this browser tries to help you in protecting your privacy, it cannot offer strong protection against cross-server user tracking because several features of the web allow this to be implemented.

> It is worse to *mislead* people as to the
>level of privacy protection they can expect from browsers than to let them
>know up front that they *can* be tracked across servers.

I'm not trying to mislead anyone about the current situation.

[....]

> And by refusing to put public methods for sharing information
>into the protocol, you actually enhance the probability of site authors in
>fact employing such undetectable methods.

There are plenty of protocol elements which allow public sharing of data across domains. The first example I can think of:

    <a href=http://other.site.com/cgi-bin/import_cookie?id=43057425>
    click here to continue this session at other.site.com</a>

with the id=43057425 part being dynamically constructed by the server based on the Cookie request header.

[...]

>> Multi-domain cookies would be a browser vendor public relations
>> disaster waiting to happen. You can't expect browser vendors to
>> standardize on the state management draft if multi-domain cookies are
>> added.
>
>Maybe. I am sceptical that enough people even understand the issue deeply
>enough to make it a public relations disaster.

To get a nice public relations disaster, *a necessary requirement* is that not enough people understand the issue deeply enough.

There is no doubt in my mind that at some point in the future, some user tracking scheme will cause a public relations disaster. The only question is how big this disaster will be.

In the optimal case, the bad publicity will be limited to the malicious web sites. In a worse case, there will be conspiracy theories about browser vendors selling their software with a built-in big brother device. This would totally kill the viability of the internet as a medium for commerce, at least in Europe, and probably also elsewhere.

Standardizing on multi-site cookies will make the worse case *much* more likely to happen. That is why we should not do it.

>Benjamin Franz

Koen.

Received on Saturday, 15 June 1996 14:11:46 UTC
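
The following is an added example, not part of the original message: a reviewer-side check that flags the kind of link described above, where a value from the request's Cookie header reappears in the query string of a link to another host. The page host `first.site.com`, the cookie name `session`, the sample page, and the assumption that the link carries the raw cookie value unchanged are all constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Constructed sample input (hypothetical first-party host and cookie name).
PAGE_HOST = "first.site.com"
COOKIE_HEADER = "session=43057425; theme=dark"
SAMPLE_HTML = """
<a href=http://other.site.com/cgi-bin/import_cookie?id=43057425>
click here to continue this session at other.site.com</a>
<a href="/help?id=43057425">help</a>
<a href="http://other.site.com/about?lang=en">about</a>
"""

class _LinkCollector(HTMLParser):
    """Collects href values of <a> tags, quoted or unquoted."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def find_cookie_handoffs(page_host, cookie_header, html, min_len=6):
    """Return (href, query_param, cookie_name) for every link to a different
    host whose query string contains a cookie value sent with the request."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    # Ignore short values such as "dark": they match by coincidence too often.
    values = {m.value: name for name, m in jar.items() if len(m.value) >= min_len}
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if not host or host == page_host.lower():
            continue  # relative or same-host link: no cross-server hand-off
        for param, val in parse_qsl(url.query, keep_blank_values=True):
            for cookie_value, cookie_name in values.items():
                if cookie_value in val:
                    findings.append((href, param, cookie_name))
    return findings

if __name__ == "__main__":
    for finding in find_cookie_handoffs(PAGE_HOST, COOKIE_HEADER, SAMPLE_HTML):
        print(finding)
```

A server that hashes or remaps the identifier before placing it in the link would not be caught by this literal match; the check only covers the direct case.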