Re: Some half-baked thoughts about cookies.

On Mon, Aug 27, 2018 at 1:57 PM Poul-Henning Kamp <phk@phk.freebsd.dk>
wrote:

> --------
> In message <CAKXHy=
> fU4odq4Khtbxk-c+D+hkaCnJyUbEPmk8PiRN+jfND_uw@mail.gmail.com>
> , Mike West writes:
>
> >> But we are not seing this with DNT or private browsing mode, are we ?
> >>
> >
> >We are. Visit the Boston Globe in private mode, [...]
>
> Works for me, but that's maybe because I'm in GDPR-land ?
>

Idunno.
https://arstechnica.com/information-technology/2017/05/boston-globe-website-no-longer-lets-you-read-articles-in-private-mode/
has a screenshot of what I saw. Perhaps they have some heuristics around
the blocking behavior?

>You would think that, wouldn't you. My impression is that that's not
> >exactly how it's playing out.
>
> I still think we should let clients set the "ephemeral" bit as appropriate.
>
> If servers react negatively to that, they automatically self-declare
> as not respecting the clients desire for privacy, and that seems
> the best outcome:  It leaves the initiative with the client who
> gets to decide if they want to be tracked or want to boycott the
> sites that do so.


That's a reasonable argument. I think I fall on the other side, suggesting
instead that user agents should attempt to make private browsing appear
similar-enough to regular browsing so as to remove the ability to treat
them differently, rather than attacking the incentives.

Either way, I think assigning meaning to particular bits in the identifier
is something user agents could certainly choose to support.

-mike

Received on Monday, 27 August 2018 12:06:36 UTC