On 09/07/2013 02:39 AM, Bil Corry wrote:
Responding on moz.dev.privacy because I think it's a better place for
discussion instead of using bugzilla.
Thanks, much appreciated.
--- Comment #130 from Jonathan Mayer <[email protected]>
Users today can block third-party cookies if they so choose, they
don't need this patch.
I disagree. The meat of this discussion is about default behavior.
People can set master passwords (to encrypt their stored passwords on
disk), but few do. So it's not protecting many people, and the defaults
matter significantly for security and privacy.
Plus, this patch blocks third party cookies in a new way; the "softer"
from-visited blocking was not implemented previously, and regardless of
what we do with defaults I think maybe it's a keeper since it breaks
fewer things than disabling cookies for all third parties.
What people *do* and what people *want* are often different. We use
default configurations to help get Firefox users closer to what they
seem to want, especially when it's not easy or worth their time to
understand how the relevant part of the Internet works.
Do we know how many have done so?
Not certain, but Monica estimates[0] about 0.83% of users have changed
the cookie behavior away from the default. So that's an upper bound on
how many people disable third party cookies. That's pretty low
especially when > 10% of users are enabling DNT (which is a much clearer
indicator of what people want than cookie setting twiddles).
-Sid
[0] http://monica-at-mozilla.blogspot.com/2013/02/writing-for-98.html
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
