On 4/20/11 6:57 PM, Tab Atkins Jr. wrote:
True, you need some side-channel to link the two iframes for a particular client. You can use something simple like one of the *other* within-domain communication mediums (cookies, localStorage, etc.)
Which is why there are options to restrict third-party cookies; I believe there are proposals to apply those to localStorage and the like as well.
We already know that you can fingerprint a larger percentage of users
Which is why some UA vendors are actively trying to reduce the fingerprintable bits of their UAs that they expose to page JS.
In other words, these are problems we're trying to solve. Adding to the list of problems seems counterproductive here.
-Boris
