> From: Sid Stamm [mailto:[email protected]] > > Users today can block third-party cookies if they so choose, they > > don't need this patch. > > I disagree. The meat of this discussion is about default behavior. > People can set master passwords (to encrypt their stored passwords on disk), > but few do. So it's not protecting many people, and the defaults matter > significantly for security and privacy.
I think you misunderstand - I wasn't saying that this patch isn't needed, I was saying that the push to Beta doesn't make sense since there's a question of breakage and if users are impatient, they can block cookies themselves today by adjusting their preferences (i.e. they don't need this patch to block third-party cookies). Some of the comments make it sound like users are exposed because this patch hasn't gone live, but the truth is any user that doesn't want third-party cookies can block them now, without this patch. > Plus, this patch blocks third party cookies in a new way; the "softer" > from-visited blocking was not implemented previously, and regardless of what > we do with defaults I think maybe it's a keeper since it breaks fewer things > than disabling cookies for all third parties. I agree that the "softer" approach is better. > What people *do* and what people *want* are often different. I agree. People say they want to live a long, healthy life, but then eat poorly, smoke, and drive without their seatbelt. > We use default > configurations to help get Firefox users closer to what they seem to want, > especially when it's not easy or worth their time to understand how the > relevant part of the Internet works. I was curious what people seem to want by looking at what some of them have done. > > Do we know how many have done so? > > Not certain, but Monica estimates[0] about 0.83% of users have changed the > cookie behavior away from the default. So that's an upper bound on how many > people disable third party cookies. The low number doesn't surprise me, the cookie preferences are hard to find. I've been using Firefox for many years and I had to look up how to do it. I suspect most users will just browse through the preferences, and if they do, the cookie preference isn't visible. > That's pretty low especially when > 10% > of users are enabling DNT (which is a much clearer indicator of what people > want than cookie setting twiddles). Jonathon estimated that 10 to 20% of Safari users have turned off third-party cookie blocking. My guess is users want privacy, but they also expect their web experience to work. - Bil _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
