- From: Ben Schwartz <bemasc@meta.com>
- Date: Thu, 24 Oct 2024 18:03:13 +0000
- To: David Schinazi <dschinazi.ietf@gmail.com>, Ted Hardie <ted.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Watson Ladd <watsonbladd@gmail.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
> Ben > If implemented today, this proposal would privilege vendor-provided proxies over third-party proxies. This seems undesirable to me. > As it stands today, no browser offers open APIs to switch out their privacy proxy provider. This is only true in some trivial sense. Chrome [1] and Android [2] both offer public APIs that allow third parties to control the proxy settings, and Chrome defers to the OS proxy settings as well. Tens (hundreds?) of millions of users use non-browser-affiliated proxy or "VPN" services to protect their privacy. > In particular, you'd need to formalize exactly what kind of blinded tokens are used, and a very high number of knobs such as token refresh rate, proxy failure backoff timers, etc. No, that is all internal to the proxy/VPN operator's account management logic. There's no need for browser customization there. Today, an app downloaded from an app store can provide reasonably equivalent functionality to a proxy offered by the browser vendor, from the user's perspective. This proposal would allow an improved user experience only for the browser vendor's own proxy service. --Ben [1] https://developer.chrome.com/docs/extensions/reference/api/proxy [2] https://developer.android.com/reference/android/net/VpnService.Builder#setHttpProxy(android.net.ProxyInfo)
Received on Thursday, 24 October 2024 18:03:23 UTC