- From: Jim Ley <jim@jibbering.com>
- Date: Thu, 8 Nov 2001 10:45:03 -0000
- To: <w3c-wai-ig@w3.org>
"Kynn Bartlett": > At 05:27 PM 11/7/2001 , Access Systems wrote: > >On Wed, 7 Nov 2001, Kynn Bartlett wrote: > >oh yes, lets help them break into our systems easier > > I'm sorry, I think you're a bit confused. The CC/PP specification > does nothing to help people "break into your systems easier"; it > only provides for the ability to communicate whatever YOU feel is > appropriate to a server, with the goal of that server being able to > provide you a better user interface. If the system is used by servers, then you have to provide information otherwise you won't get accessible content - if you do get accessible content despite not sending any CC/PP information - then the CC/PP information is almost useless to everyone concerned, other than people who like getting stats to justify only supporting a minority - as is the current situation where lots of people justify creating IE only sites due to its overwhelming dominance. Content negotiation based on browsers or platforms or systems have shown not to work, people already attempt it based on UA strings - there's numerous examples of this technique failing - nowhere in the CC/PP drafts that I can see have anything to address this problem. We also need a huge amount of user input into the system to actually specify what they want - users aren't used to this, and I can't see them getting motivated to it, most aren't even motivated/informed enough to configure their current browsers to their liking - I always get I wish I could ... - and the answer is in their current browser. > Such information should be covered by a P3P privacy policy, Which is meaningless really - I can put whatever I want in a P3P privacy policy doesn't mean I am reputable - and what about all the caches/systems in between. > Nothing in this makes you any more or less likely to have your > system broken into, Certainly not, but equally little of it is particularly relevant to a web designer. > especially not compared with the CURRENT system > which is that for the most part, your browser already transmits > a great deal of information about your system. No it doesn't - it only lets out what I let it, those who have control over such things can easily modify all of the information that is sent - none of it should be essential to them getting accessible content - of course the fact that many people do use the UA string means that many browsers actually choose to send fake information aswell as letting their users choose it. > I probably know more from your email that would allow me to crack > your system (if I were that type of person) than from a CC/PP > profile. Except of course almost all of the information you're relying can be spoofed, and if someone is concerned about revealing such information they would - remember the information is not required for the e-mail to be send (except the IP address of course.) and there's no reason why content should be accessible either. > Let's not allow unfounded paranoid fears of computers getting cracked > to dismiss what could be a very useful advance in the usability and > accessibility of the web. Please justify how that works, we have systems in place that let the content work on any device - device independance getting silly settings that encourage developers to concentrate their efforts on the limited range of platforms/UA combinations that apear in their CC/PP settings will do nothing for those users outside this - and we'll very quickly, just as we have with UA strings get to the stage where lying is the only way to some content. Jim.
Received on Thursday, 8 November 2001 05:59:49 UTC