- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 15 Jul 2008 12:18:57 +0000 (UTC)
- To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
- Cc: public-html-comments@w3.org
On Tue, 15 Jul 2008, Frank Ellermann wrote: > > > > IP addresses are, by and large, enough to perform pretty much all the > > tracking you might want > > Depends. Using the same small ISP dial-in users could end up with > getting similar IPs. If they change ISPs or it's a big ISP their IPs > will differ. Static IPs are of course another scenario. Even with dynamic IPs from a large pool, it is reasonably easy to build user profiles over multiple sessions. The idea that you need cookies to do this is a fiction that paranoid users believe in order to get over their worry that people are following their every move. Cookies make it mildly easier, but anyone who wants to do user tracking has to deal with such high levels of cookie churn (people resetting their cookies) that they almost certainly only use the cookies as just an extra signal, and not a key part of any tracking strategy. > > sites can bypass third-party cookie blocking by doing first-party > > cookie transactions > > They'd do a part of that with their own bandwidth. Third party cookies > are not only a privacy issue, they are also about bandwidth. Bandwidth for a redirect is essentially free in this day of massive multimedia content. Redirects are shunned due to their latency (which hurts the user), not their bandwidth usage. Cookies typically fit within the same packet as the request, so they have effectively no effect on network performance from the user's perspective. > > blocking third-party cookies ends up breaking a surprising number of > > sites in subtle ways. > > Their problem. Third party cookies are known to be against the interest > of the users. Actually, third-party cookies are used in opt-out schemes where a user has indicated a desire not to be tracked. Disabling third-party cookies in such cases actually goes against the user's wishes in such cases. Fundamentally, though, if a site breaks the user stands more to lose than the site. This is why browsers go out of their way to avoid breaking sites. Saying it's the problem of the site rather than the user is a very naive attitude. Anyway, going back to the original topic of this thread: all this is why the spec is written as it is. I think the current text is entirely accurate and I don't think making it more politically correct is a good idea here, as it would merely further this lie that blocking third-party cookies somehow protects user privacy. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 15 July 2008 12:33:34 UTC