24 comments

[ 3.0 ms ] story [ 45.3 ms ] thread
(comment deleted)
>> Should we special-case the cookie value "OPT_OUT"? It would be unfortunate indeed if removing old cookies meant that users who had opted out of interest-based advertising started being targeted again. Perhaps excluding the special value OPT_OUT (and asking advertisers to standardize on it?) is justifiable.

Still suggesting the Evil Bit? https://www.ietf.org/rfc/rfc3514.txt

To be fair, the evil bit's a great idea; it just failed to get much support from the malware developer community.
Maybe they didn't ask them nicely enough.

Likewise, instead of using technical measures to stop websites from acquiring analytics, we can make them pinky-swear to delete out data. This simply cannot go wrong.

plan? No, some guy has suggested it. That does not equal to plan.
Can we change the clickbaity headline? This is a Google employee, but there is no evidence in that repo that supports the claim that "Google has plans".
Speaking with some amount of experience working with people on that team: his role at Google is precisely what you see him doing here—deprecating insecure fundamental components of the web.

A proposal like this wouldn't have been approved for public release if the rest of the Chromium security team didn't see merit to it.

Everyone keeps calling him "some guy." Mike West is attached to a number of similar RFCs.

That all being said, I wouldn't immediately discount the idea even if it only turns out to be a research exercise.

Shouldn't the title have 'deprecate' instead of 'depreciate'?
They want them to last for less time. Perhaps that's the right word.
I think so as well. The intent of this write-up is explicitly to advocate for a practice to "Expire cookies early". "Depreciate" might not be the perfect word, but "deprecate" is outright misleading.
Depreciate is an intransitive verb. It does not take an object such as cookies, but refers back to the subject. So short GOOG now.
One of my earliest memories of professional programming was talking to another dev, many years my senior in experience, about a "deprecated" API. They insisted the word was "depreciated". I didn't push it for the conversation, but afterwards triple-double-checked I wasn't crazy. Nearly 20 years later, I still feel I might be using the word wrong.
I die a little inside every time I see 'commerical'.
I imagine the Urban Dictionary definition to be "A comical commercial" :)
Might cause an issue for WiFi access portals in short term. Not really related, more of a side effect of poor implementations. Some use cookies to route around settings, I’ve had trouble with in past.
next step: disable javascript served over http
next step: disable javascript
It's not the 90's... WebApps and PWA's require JS. And Javascript in browser is secure as it is sandboxed. Minute privacy concerns are not enough for 99.9% of the people to disable js either.
Should there be an official Google update or blog on this?