- From: Walter H. <Walter.H@mathemainzel.info>
- Date: Fri, 04 Aug 2017 22:28:58 +0200
- To: Luis Barguñó Jané <luisbargu@gmail.com>
- CC: Guilherme Hermeto <gui.hermeto@gmail.com>, ietf-http-wg@w3.org
Received on Friday, 4 August 2017 20:29:24 UTC
On 04.08.2017 11:27, Luis Barguñó Jané wrote:
> Exactly the same as the server deciding whether to include JS to use
> geolocation API.

but without JS on client side, this doesn't work and the server doesn't get anything; and with the header proposal there is no 2nd safety layer

> My bad again, I was writing this e-mail as plain language.
> I agree with you. We MUST not introduce any new privacy risk, and a
> proper standard should guarantee that.
>

should guarantee means no guarantee; the standard MUST guarantee that, and when we talk about a standard that is similar to a law, it MUST prevent anybody who doesn't conform to the standard ...

and a fallback MUST be provided, in other words a server MUST do either both the JS-API and the header proposal or only the JS-API, because it can't be that for a legit use case you have to buy a new "smartphone", because the server only does header proposal ...

so I ask you: does it really make sense to have this header proposal?