On 4/15/16 2:12 AM, Jason Duell wrote:
> Focusing on third-party session cookies is an interesting idea.
> "Sessionizing" non-HTTPS third-party cookies would encourage ad networks
> and CDNs to use HTTPS, allowing content sites to use HTTPS without mixed
> content problems. Much later, we could consider sessionizing even HTTPS
> third-party cookies.
>
How about we sessionize only 3rd party HTTP cookies from sites that are on
our tracking protection list? That seems the most targeted way to
encourage ad networks to bump up to HTTPS with a minimal amount of
collateral damage to other users of 3rd party HTTP cookies.
The IAB recently announced a "LEAN Ads" initiative [1]: Light, Encrypted
(HTTPS), Ad Choice supported, and Non-invasive.
When the IAB agrees ad networks should use HTTPS, clearing HTTP cookies
from third parties and/or sites on the Tracking Protection list becomes
an easier sell, policy-wise. We're not talking about blocking cookies or
content, just reducing the cookie lifetime.
[1] http://www.iab.com/news/lean/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
