[dns-operations] Monday rant againt the uses of the Public Suffix List

Vernon Schryver vjs at rhyolite.com
Mon Jan 21 21:24:40 UTC 2013


> From: Warren Kumari <warren at kumari.net>

> > Continuing the sarcasm is too much effort, so I'll simply ask why not
> > do DNS MX and A requests?  (both because of the fall-back-to-A-if-no-MX

> Please sir, if I run www.images.example.co.uk, can I set a cookie
> at images.example.co.uk? How about example.co.uk? Fine Now .co.uk?

If you are running www.images.example.co.uk, then you should know
all there is to know about cookies at www.images.example.co.uk any
other domains at which you might legitimate want to set a cookie.

If you are an HTTP client implementor, then I think you should implement
"disable third party cookies" with the single obvious, fast, simple,
and--if you like--simplistic comparision without needing to check any
PSL lists.  You should also make "disable third party cookies" on by
default.


Yes, I am among the many who consider third party cookies at best
undesirable and generally willful and knowing attempts to sell or
otherwise violate our privacy.

Yes, I've occassionally encountered web pages that apparently
legitimately use third party cookies (i.e. without obviously trying
to violate my privacy).  I cannot recall any cases where those web
pages could not and should not have used other tactics.

Yes, I know all HTTP server operators "values my privacy."  However,
the values that spammers, advertisers, governments, and other snoops
place on my privacy differ from mine.


Vernon Schryver    vjs at rhyolite.com



More information about the dns-operations mailing list