On Mon, Oct 31, 2016 at 4:00 PM, Henri Sivonen <hsivo...@hsivonen.fi> wrote: > On Mon, Oct 31, 2016 at 3:01 PM, Aryeh Gregor <a...@aryeh.name> wrote: >> If the concern is fingerprinting, perhaps it could be exposed only to >> sites that the user is logged into (assuming we have a good working >> definition of "logged in")? > > I think that's over-engineering it. > > I suggest we make it behave the current way for chrome, > https://*.mozilla.org and https://*.netflix.com origins and make it > return a constant otherwise.
This only helps us and Netflix. Other sites that want to track fixes will be left out in the cold. Taking a step back: is fingerprinting really a solvable problem in practice? At this point, are there a significant fraction of users who can't be fingerprinted pretty reliably? Inevitably, the more features we add to the platform, the more fingerprinting surface we'll expose. At a certain point, we might be taking away a lot of features for the sake of trying to stop the unstoppable. (I have no idea if this is actually true now, though. This is a genuine question. :) ) _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
