Re: Geopriv compromise proposal

On Jun 16, 2009, at 9:16 AM, Ian Hickson wrote:

> On Tue, 16 Jun 2009, Rigo Wenning wrote:
>> And NO, this is not at all harmful in the sense that Ian Hickson
>> described. I have understood the remarks differently. Ian Hickson may
>> clarify. Because this would mean that you and others would consider  
>> P3P
>> harmful to browsers and exposing users to risks.
> P3P has exactly the same problems as I described, yes. This is one  
> of the
> reasons why it hasn't been implemented in most browsers.
> (In short, it relies on the site being honest, and then on the browser
> trusting the site and exposing the same information but with the  
> browser's
> authority behind it. Most browser vendors refuse to implement this  
> because
> it undermines the user's trust in the browser, leading to the same  
> issues
> such as the user no longer trusting TLS warnings.)

This is part of the reason we have been hesitant to implement P3P in  
Safari. It does not provide any substantive privacy protection, and  
may give the user a false sense of security. Our only requests to  
support P3P have been from sites that would like to do things we may  
consider privacy-violating (they would like us to also relax our  
default third-party cookie policy for sites that use P3P).


Received on Wednesday, 17 June 2009 17:12:45 UTC