W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Please admit defeat (was: Our Schedule)

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 26 May 2014 20:21:59 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <41909C86-C128-4841-9E53-B1DF9B92B75C@mnot.net>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>

On 26 May 2014, at 7:46 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:

> In message <07D15A9A-8002-44F8-AC00-2A73A4CDE7A7@mnot.net>, Mark Nottingham wri
> tes:
> 
>> I don't hear the engineers who have put a year and a half of work into 
>> this effort talking about "defeat" nor about it being a "fiasco."
>> They're a very good representation of HTTP implementers, and from what 
>> I've heard to date, they think we're getting close to shipping. 
> 
> Even asking the wrong question to the wrong people, you will get
> to the end of the useless answer eventually.

We’re supposed to ignore the implementers of Mozilla, Chrome, IE, IIS, Apache Traffic Server, Curl and a bunch more because you are the “right” person?

Again, technical arguments, please.


> I'll be happy to participate in worthwhile projects, but HTTP/2.0
> has never been that for me.

That’s regrettable.


>> As much as many people would like to get rid of Cookies -- something 
>> you've proposed many times -- doing it in this effort would be 
>> counter-productive.
> 
> Counter-productive for *who* Mark ?
> 
> Counter-productive for FaceBook, Google, Microsoft, NSA and the
> other mastodons who use cookies and other mistakes in HTTP
> (ie: user-agent) to deconstruct our personal identities, across
> the entire web ?
> 
> Even with "SSL/TLS everywhere", all those small blue 'f' icons
> will still tell FaceBook all about what websites you have visited.
> 
> The "don't track" fiasco has shown conclusively, that there is
> never going to be a good-faith attempt by these mastodons to
> improve personal privacy:  It's against their business model.
> 
> And because this WG is 100% beholden to the privacy abusers and
> gives not a single shit for the privacy abused, fixing the problems
> would be "counter-productive".
> 
> If we cared about human rights, and privacy, being "counter-productive"
> for the privacy-abusing mastodons would be one of our primary goals.

I and many of the people in the WG care deeply about privacy, but introducing a version of HTTP that doesn’t support cookies means that that version of HTTP will be largely ignored. You might as well the Transport Area to require support for RFC2514.

If you have a realistic proposal that improves privacy and provides for a transition away from Cookies on the Web, I and many others would very much like to see it. 


--
Mark Nottingham   http://www.mnot.net/
Received on Monday, 26 May 2014 10:22:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC