Hello, > However, the situation of 3rd party cookie is different from Safe > Browsing.There is no clear rules to decide whether the website is bad > "exception" or not. It's very ambiguity. So how do we decide the > website is "exception"? It would be very floating definition by > person. Of course, the website which is not respect DNT policy may be > good definition. (In some country, Do Not Track approach is not legal > definition.) But we cannot inspect in his server, thus we don't have > a way to check it perfectly.
This is a valid point. You are right that it is not a perfect solution. In many ways the Cookie Clearinghouse approach reminds me of managing trusted CA lists. In both cases, the policy around who is "trusted" is difficult to specify, can't be enforced technically, can only be audited occasionally, and is rife with trouble. I don't think the question should be whether or not the Cookie Clearinghouse approach (or the trusted CA approach) is perfect, but whether it's better than the nothing. I think it might be. > I think that the "exception list" approach is not good for resolving > 3rd party cookies problem. And Safari-like 3rd party cookie policy by > default enabled is not resolve any problem. This is not good for web. I did not get the sense from Brendan's blog post that the Cookie Clearinghouse approach was the end of the story. Firefox isn't just going to implement something without regard to whether it breaks the web. In fact, Cookie Clearinghouse is an attempt to *not* break the web. We shouldn't let fear prevent us from experimentation, even if that experiment fails. Thanks, Monica _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
