- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 26 Feb 2008 13:08:39 +0100
- To: "Brad Porter" <bwporter@yahoo.com>, "Daniel Veditz" <dveditz@mozilla.com>
- Cc: "Jonas Sicking" <jonas@sicking.cc>, "WAF WG (public)" <public-appformats@w3.org>, "Window Snyder" <window@mozilla.com>, "Brandon Sterne" <bsterne@mozilla.com>, "Jesse Ruderman" <jruderman@gmail.com>
On Sat, 23 Feb 2008 23:02:37 +0100, Brad Porter <bwporter@yahoo.com> wrote: > The intention is to cripple the access-control functionality by > eliminating cookies in order to prevent site authors from injuring > themselves, thus eliminating a large class of valid use cases but > preventing site-authors from leaking their own user-specific data > covered by their own privacy policy. I'd like to see an update on this from the Mozilla folks. I think if cookies are not part of the request we should simply nuke the whole idea. One thing that might be worth considering is adopting the policy Safari and Internet Explorer have for cookies. That is not accepting third-party cookies, but always including cookies in the request. Then again, there are already tracking methods without cookies and are actively being used (Hixie pointed out paypal + doubleclick on IRC) so I'm not sure whether complicated cookie processing models are worth it at all. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 26 February 2008 12:04:56 UTC