- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 18 Jun 2014 12:30:52 -0700
- To: Barry Leiba <barryleiba@computer.org>
- Cc: Peter Lepeska <bizzbyster@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 18 June 2014 10:59, Barry Leiba <barryleiba@computer.org> wrote: > The biggest problem with all of this is that you're making an > unreasonable assumption at the start: that users can reasonably "opt > out" of a <strike>privacy-invading</strike> "trusted" proxy. (And, > yes, we have to call it something else: the *user* certainly does not > trust the proxy.) > > 1. If such a thing were to be deployed, it would immediately be > deployed in a way where the option to accept the proxy's intervention > becomes a Hobson's choice: either you accept the proxy or you don't > get to the web site you're trying to get to. What do you think a user > (see below) will do in that situation? > > 2. It's simply unreasonable to imagine that users -- real users out > there, not "users" that really means operators, or content providers, > or browser makers, or whatever -- will have the first idea what > they're really giving up by accepting the proxy, nor that they will > have any understanding of what your UI markers (a "trusted proxy logo" > or any such thing) mean. They will not have a clue, and they will not > be making an informed decision to put themselves in a position where, > for example, this proxy that they don't really trust now has their > username and password for their bank. > > To believe otherwise is to ignore all research that's been done on this stuff. Yes, and I'd point out that the sort of things that Will refers to undermine the integrity of the user-site contract from the perspective of the site operator too.
Received on Wednesday, 18 June 2014 19:31:20 UTC