On Mon, Oct 31, 2016 at 3:01 PM, Aryeh Gregor <a...@aryeh.name> wrote: > On Mon, Oct 31, 2016 at 10:02 AM, Chris Peterson <cpeter...@mozilla.com> > wrote: >> Alternately, buildID could be hidden behind a domain whitelist pref, seeded >> with sites working with Mozilla. If you are, say, a Netflix customer, they >> already know who you are, so exposing your buildID to them is not much of a >> tracking risk. :) > > If the concern is fingerprinting, perhaps it could be exposed only to > sites that the user is logged into (assuming we have a good working > definition of "logged in")?
I think that's over-engineering it. I suggest we make it behave the current way for chrome, https://*.mozilla.org and https://*.netflix.com origins and make it return a constant otherwise. -- Henri Sivonen hsivo...@hsivonen.fi https://hsivonen.fi/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform