W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2014

Re: [webappsec] Rechartering: Sub-Origins

From: Brian Smith <brian@briansmith.org>
Date: Mon, 10 Nov 2014 17:26:08 -0800
Message-ID: <CAFewVt4HKO=gfhxJhZEuunwhOup3fWbvAzV=Yrv-XdP3v7NmuA@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Mon, Nov 10, 2014 at 3:53 PM, Brad Hill <hillbrad@gmail.com> wrote:
> I guess that is a (likely unintended) consequence of the feature.

I also assume that if it is a consequence, it is unintended.

> Adversarial blocking tools like this are always going to lead to an
> arms race / cat-and-mouse / pick your metaphor for neverending
> game-theoretic churn.  Once there's enough money at stake, the
> decision to take the risk will probably be made, with or without good
> mitigation technologies available. Do we want to sacrifice the ability
> to more easily partition applications in to securable components for a
> position in that battle that will surely be overrun anyway?

I think it is good to recognize the issue, and ask for feedback from
people on the pro-tracking-protection side. I forwarded part of the
thread to the relevant people at Mozilla. It may be the case that
there is a way to avoid the negative unintended consequence without
sacrificing the security benefits. At least, I think that should be a
goal.

Cheers,
Brian
Received on Tuesday, 11 November 2014 01:26:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC