Hi Ian,
Thank you for taking the time to follow up. Some of my comments do seem a little immature in hindsight and I tend to agree now that adding a lot of these suggestions to the HTML spec. would make little difference. I am exploring options to reduce the potential for UA state leaks but do not have anything concrete to propose yet. If you care to see some ideas being explored then please see: http://www.w3.org/community/pua/wiki/Draft I could certainly use some feedback. Perhaps someday it will be possible to propose some extensions to better secure the UA state such as new iframe sandbox flags etc. I grew up with computers being personal and private places and we only shared data explicitly. I wince when I see children using the modern web browsers as a platform for computing - knowing the visibility external resources have over their actions. I'll do what I can to try and provide a more secure and private UA option. cheers Fred
