> From: Warren Kumari <[email protected]> > > Continuing the sarcasm is too much effort, so I'll simply ask why not > > do DNS MX and A requests? (both because of the fall-back-to-A-if-no-MX
> Please sir, if I run www.images.example.co.uk, can I set a cookie > at images.example.co.uk? How about example.co.uk? Fine Now .co.uk? If you are running www.images.example.co.uk, then you should know all there is to know about cookies at www.images.example.co.uk any other domains at which you might legitimate want to set a cookie. If you are an HTTP client implementor, then I think you should implement "disable third party cookies" with the single obvious, fast, simple, and--if you like--simplistic comparision without needing to check any PSL lists. You should also make "disable third party cookies" on by default. Yes, I am among the many who consider third party cookies at best undesirable and generally willful and knowing attempts to sell or otherwise violate our privacy. Yes, I've occassionally encountered web pages that apparently legitimately use third party cookies (i.e. without obviously trying to violate my privacy). I cannot recall any cases where those web pages could not and should not have used other tactics. Yes, I know all HTTP server operators "values my privacy." However, the values that spammers, advertisers, governments, and other snoops place on my privacy differ from mine. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
