On Sunday 2015-01-18 21:00 -0800, Brian Smith wrote: > L. David Baron <dba...@dbaron.org> wrote: > > http://www.w3.org/2014/12/webappsec-charter-2015.html > > Please see the threads at > > [1] https://lists.w3.org/Archives/Public/public-webappsec/2014Nov/0179.html > [2] > https://groups.google.com/d/topic/mozilla.dev.privacy/Rbm1XdfXX6k/discussion > > In particular, although I think the sub-origin work is potentially > very useful, it seems to have some pretty negative unintended > consequences. Even if you don't share my specific concerns about the > potential negative interaction between the sub-origin part of the > proposed charter with respect to Mozilla's Tracking Protection work,
I'm having trouble understanding those concerns. Is the argument you're making that if the site can serve the ads from the same hostname rather than having to use a different hostname to get same-origin protection, then ad-blocking (or tracking-blocking) tools will no longer be able to block the ads? I suppose I can see that it could make some forms of ad-blocking (network-level rather than URI-level) more difficult. But it's not clear to me what the additional tracking potential is in this case. I don't see where it introduces vectors for sharing cookies (or other similar data) between sites that don't already exist. -David -- 𝄞 L. David Baron http://dbaron.org/ 𝄂 𝄢 Mozilla https://www.mozilla.org/ 𝄂 Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offense. - Robert Frost, Mending Wall (1914)
signature.asc
Description: Digital signature
_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
