- From: Dan Veditz <dveditz@mozilla.com>
- Date: Tue, 27 Nov 2012 21:48:41 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- CC: Mike West <mkwst@google.com>, Eduardo' Vela <evn@google.com>, public-webappsec@w3.org, Adam Barth <w3c@adambarth.com>
On 11/27/12 1:50 PM, Devdatta Akhawe wrote:
> I am not even sure opt-out is needed: you can just not set a handler
> if you don't want the events.

Not opt-out in the sense of whether the page content wants the events, opt-out in the sense that a policy setter (an add-on, perhaps) doesn't want reports of its activities sent to the page.

Add-ons or otherwise modified clients (hosts files?) can already suppress content loads. There's no real gain making this one particular mechanism noisy with no recourse and some privacy/fingerprinting harm. I'd prefer add-ons to consider using the CSP mechanism when possible as a well-defined, stable mechanism.

-Dan Veditz
Received on Wednesday, 28 November 2012 05:49:08 UTC