- From: Maciej Stachowiak <mjs@apple.com>
- Date: Wed, 17 Jun 2009 08:25:19 -0700
- To: Ian Hickson <ian@hixie.ch>
- Cc: Rigo Wenning <rigo@w3.org>, Andrei Popescu <andreip@google.com>, public-geolocation@w3.org, Thomas Roessler <tlr@w3.org>

On Jun 16, 2009, at 9:16 AM, Ian Hickson wrote:

> On Tue, 16 Jun 2009, Rigo Wenning wrote:
>>
>> And NO, this is not at all harmful in the sense that Ian Hickson
>> described. I have understood the remarks differently. Ian Hickson may
>> clarify. Because this would mean that you and others would consider P3P
>> harmful to browsers and exposing users to risks.
>
> P3P has exactly the same problems as I described, yes. This is one of the
> reasons why it hasn't been implemented in most browsers.
>
> (In short, it relies on the site being honest, and then on the browser
> trusting the site and exposing the same information but with the browser's
> authority behind it. Most browser vendors refuse to implement this because
> it undermines the user's trust in the browser, leading to the same issues
> such as the user no longer trusting TLS warnings.)

This is part of the reason we have been hesitant to implement P3P in Safari. It does not provide any substantive privacy protection, and may give the user a false sense of security. Our only requests to support P3P have been from sites that would like to do things we may consider privacy-violating (they would like us to also relax our default third-party cookie policy for sites that use P3P).

Regards,
Maciej

Received on Wednesday, 17 June 2009 17:12:45 UTC