- From: Mike West <notifications@github.com>
- Date: Wed, 31 Oct 2018 09:02:23 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 October 2018 16:02:45 UTC
> Assuming same-site means same origin (does it?) `same-site` means `same-site` (the enum in the explainer is `cross-site`, `same-site`, or `same-origin`; the default is `same-site` for delivery, as that enables the SSO pattern of `sso.site.tld` that we see all over the place, which seems like a reasonable kind of thing to encourage as the default behavior). > If the tracking happens automatically without any opt-in from the site The proposal suggests that we mint tokens proactively for things that the user navigates to as first-parties. It does not suggest that we do the same for things that the user does not navigate to as a first-party, even if they really want it. Can you help me understand the scenario in which Lightbeam would show users bad information, or somehow misunderstand/underestimate the tracking potential a user's navigations expose? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/297#issuecomment-434741682
Received on Wednesday, 31 October 2018 16:02:45 UTC