Re: More cookies from Patrick McManus on 2012-12-11 (ietf-http-wg@w3.org from October to December 2012)

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Tue, 11 Dec 2012 17:59:08 -0500
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNpwGQgArZuE7gGZs-oixivg3+htdw3-qzdA5c3Yo9dHPQ@mail.gmail.com>

On Tue, Dec 11, 2012 at 5:29 PM, Martin Thomson <martin.thomson@gmail.com>wrote:

>
> For the browser guys who have implemented this: What controls, if any,
> are offered to users over this data?  Are users able to clear the
> store?  Are there limits on settings storage?  Do you have any data on
> the value of having clients persist settings?
>

For these reasons Firefox doesn't generically implement this as a cookie.
We will implement particular settings values that are documented and are in
reasonable ranges without enough room for fingerprinting although none are
deployed in any of the release channels and life goes on just fine. For
instance I'm working on a patch for ID 5 right now and will mask it limit
it to a range of a hundred values or so and won't persist that one between
restarts... it will have to prove itself out with data before getting to
the release channel to stay in the code base though it isn't hard to find
synthetic uses for it.

I agree that some language around that is probably a good thing.

Received on Tuesday, 11 December 2012 22:59:37 UTC