Re: draft-ietf-http-state-mgmt-01.txt LAST CALL

Benjamin Franz:
>I think you are making a bad mistake. By enhancing the *perception* that
>"their browser comes with standard built-in user tracking support." is not
>a true statement - you set people up for behaving as it it *weren't* true. 
>But actually - it *is* true.

Nope.  The true statement would be:

 Warning: though this browser tries to help you in protecting your
 privacy, it cannot not offer strong protection against cross-server
 user tracking because several features of the web allow this to be

> It is worse to *mislead* people as to the
>level of privacy protection they can expect from browsers than to let them
>know up front that they *can* be tracked across servers. 

I'm not trying to mislead anyone about the current situation. 

> And by refusing to put public methods for sharing information
>into the protocal, you actually enhance the probability of site authors in
>fact employing such indetectable methods.

There are plenty of protocol elements which allow public sharing of
data across domains.  This first example I can think of:

 <a href=>
   click here to continue this session at</a>

with the id=43057425 part being dynamically constructed by the server
based on the Cookie request header.

>> Multi-domain cookies would be a browser vendor public relations
>> disaster waiting to happen.  You can't expect browser vendors to
>> standardize on the state management draft if multi-domain cookies are
>> added.
>Maybe. I am sceptical that enough people even understand the issue deeply
>enough to make it a public relations distaster. 

To get a nice public relations disaster, *a necessary requirement* is
that not enough people understand the issue deeply enough.

There is no doubt in my mind that at some point in the future, some
user tracking scheme will cause a public relations disaster.  The only
question is how big this disaster will be.  In the optimal case, the
bad publicity will be limited to the malicious web sites.  In a worse
case, there will be conspiracy theories about browser vendors selling
their software with a built-in big brother device.  This would totally
kill the viability of the internet as a medium for commerce, at least
in Europe, and probably also elsewhere.  Standardizing on multi-site
cookies will make the worse case *much* more likely to happen.  That
is why we should not do it.

>Benjamin Franz


Received on Saturday, 15 June 1996 14:11:46 UTC