Google: Only Do Evil
This proposal is evil beyond belief!
A Google proposal which enables a web browser to treat a group of domains as one for privacy and security reasons has been opposed by the W3C Technical Architecture Group (TAG). Google's First Party Sets (FPS) relates to the way web browsers determine whether a cookie or other resource comes from the same site to which the …
If Chrome wants to do this, they can just shove all their domains into the same origin anyway. It's their browser, if they want to break it. Stay out of everyone elses'.
At this point, if Google suggest something, the default should be "nope"; much like when the NSA 'suggest' encryption parameters...
This is a malignant at sooo many levels.
google.com and google.co.uk are owned by the same corporation (*). There will be many, many cases where foo.com, foo.org, foo.co.uk and foo.eu below to different organisations. How will a user be able to give informed consent for blanket cookies to any of the foo?
That youtube belongs to google is (sort of) widespread knowledge. How does the average user know who "newly_aquired_startup.com" belongs to - the original founders, or the megacorp that bought them yesterday? And next week, when the megacorp sells them on? Which entity owns the blanket cookie then?
If I need to enable cookies in order to access a .gov.uk website, does this give the government carte blanche for a blanket cookie? Or does Crapita (provider of the service behind the .gov.uk) get the blanket cookie? Or do both get a golden ticket?
(*) They'll point out that they are discrete entities when they need - tax reasons, for instance.
You've missed the best part: "The idea allows for sites to declare their own sets by means of a manifest in a known location.manifest in a known location"
To me a known location is remote to the user ie. part of the website under the control of a third-party. Which means that I could dynamically add all sorts of domains on the fly to my manifest eg:
From my understanding a site could declare whatever it wants, however the site that it declares domain equivalence with must also declare the same in return. Therefore while your website could declare facebook.com to be a part of your domain, facebook.com would also have to declare your website to be a part of your domain for the equivalence to hold. Quite a lot of cross-domain requests could stem from such an implementation and if not careful it could be relatively easy to abuse, which is where the problems start
Next project is to morph chrome into the WWGW (World Wide Google Web) browser. It is a fork from the WWW and guarantees a platform with no interference from W3C. Finally we can evolve the web into a progressive vehicle, where only commercial interests will rule as it should be. Amazon, Microsoft and Facebook have already showed interest in the concept and have indicated a shared interest. Apple did not comment directly, but it is assumed, from off-the-record talks, that Apple's garden wall will soon be reinforced to new heights and an Apple iFork for iWeb may be in consideration.
The rest of the online shops will soon have to decide to become iShops or Gshops. This will be known to future generations as the Great Split of Power. There can no longer be an unprofitable backward compatible middle way.
Hey, now that we have brexit we can do what we want and tell Google, Facebook, M$ and the rest to fuck off. We are sovereign and that's all that matters.
I don't think I've thought this through.
EU. Hello, EU. Can we come back again please? I think we may have shafted ourselves,
They give the browser away for free, how can you stop that? Now you see the evil of the Silicon Valley business model, and how ruthlessly effective it is for the chosen few companies. It's designed to crush any potential competition, and powerful monopolies are the natural result.
I currently have a 4:1 upvote:downvote ratio, which I think is healthy. If I'm not getting blasted with downvotes on occasion then I'm probably not contributing anything interesting to the discussion. If people can't detect irony, sarcasm, or satire then... oh well. Their tears taste sweet to me.
And, yes, I already know which groups of people might upvote this and which groups of people might downvote this. Whatever.
This post has been deleted by its author
"No, we are not proposing to change the scope for permissions. The current scope for FPS is only to be treated as a privacy boundary where browsers impose cross-site tracking limitations.“
See - they are being very clear what the proposal is for - it’s to make it easier to track you. What’s the problem with that?
Biting the hand that feeds IT © 1998–2021