> I don't think the question should be whether or not the Cookie > Clearinghouse approach (or the trusted CA approach) is perfect, > but whether it's better than the nothing. I think it might be.
I suppose it depends on which "nothing" you're looking at. If Mozilla simply leaves the cookie policy alone, all sites continue to work and users can still choose to block third-party cookies if they accept its given compatibility challenges. As a user, that's the default setting I want - a browser that works out of the box. I know the thought is to block advertisers from tracking users, but there's two problems with this approach, 1) there are non-advertising use cases that this breaks, and 2) advertisers are already moving to other state mechanisms, which leaves only the non-advertising use cases to bear the brunt of this feature. Granted, the Cookie Clearinghouse will help to some extent, but it's reactive and the earliest we'll see it in Firefox is toward the end of the year. The largest issue with the proposed cookie blocking scheme is that it silently fails, so the user believes the problem is with the website, when in fact the problem is with their (soon-to-be-default) settings. Perhaps the more charitable websites will educate the user on how to make the browser work again, which will require the user to change the cookie setting back to "normal" - what a pain for users and websites, with no net gain. If Mozilla is really going to push out the cookie blocking feature, it should do what NoScript, AdBlockPlus, and similar tools offer - a UI experience that alerts when items are blocked and allows the user to enable those blocked items. At least that gives the user a fighting chance to know what is going wrong. Additionally, the stated goal for this feature is to make cookies more transparent, what better way than to provide a UI that shows all the blocked cookies and allows the user to unblock them. It can work in conjunction with the Cookie Clearinghouse and wouldn't be much different than the IE compatibility view feature where there's a whitelist, but it also offers a UI for the user to override. The other related option to consider is an API so that websites can request an exception to the third-party cookie blocking. It's on the 2012 privacy roadmap, so presumably someone has given it some thought. > We shouldn't let fear prevent us from experimentation, even if that > experiment fails Can you share the criteria of what constitutes failure for this feature? - Bil _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
