On Mon, Dec 14, 2009 at 1:36 PM, Peter Watkins <[email protected]> wrote:
> On Mon, Dec 14, 2009 at 11:32:40AM -0800, John Panzer wrote: > > On Mon, Dec 14, 2009 at 11:21 AM, Peter Watkins <[email protected]> wrote: > > > > I > > > don't want the data-hungry folks at Facebook noticing that I'm logged > > > in to the Greenpeace or National Rifle Association unless I explicitly > > > approve letting Facebook know that. > > > (Note that > > even today, you may be able to use visited-link color hacks to determine > > what OPs a user has recently frequented; statistically speaking you can > > already get the information you're worried about.) > > I call that the "Grandfather Clause" Fallacy, and I see it pretty often. > Your argument is that because there's already an exposure (due to > unintentional consequence of DOM/Javascript interaction), it's OK to build > new systems & specs that are known to have the flaw from day one. You're > arguing that the privacy flaw exhibited in the link status checking should > be "grandfathered" in. > > Why not raise the bar, and make the web a *better* place instaed of > settling > for today's lowest common denominator? > The part of my response that you cut out argued for exactly that.
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
