Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

Yoav Nir <ynir.ietf@gmail.com> Fri, 24 October 2014 21:10 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/J4vplSurR6-x6OwVeaWT7-1nQJ4

> On Oct 24, 2014, at 11:28 PM, John Levine <johnl@taugh.com> wrote:
> 
>> ... The result is that there’s no way for a content provider to know
>> what a user means when their browser emits the “safe” hint, and no way for the user
>> to know what kind of content they are going to get.
> 
> Mozilla Firefox, Microsoft Internet Explorer, and Google's Bing search
> engine have already implemented it.  Could you please clarify why
> Bing's implementation doesn't work?  On the Bing homepage at
> http://www.bing.com, there's a gear icon at the upper right.  Click
> that, and you'll find a discussion of their existing SafeSearch
> feature that may be helpful.

So is the Prefer: Safe header the same as “Moderate SafeSearch” or “Strict SafeSearch”? Because apparently they need two bits of information, not just one.

YouTube and Google Search have just one bit. Flickr and deviantArt have multiple bits.

> 
> At the bottom of Google's search page at https://www.google.com is a
> "Settings" button.  If you click that, you'll find that one of the
> settings is an option called SafeSearch that you can turn on and off.
> It's currently implemented in a cookie, but I hope it's obvious how
> they could use the safe hint to turn on the same setting.  Can you
> clarify why this feature doesn't work, and why using the safe hint
> would make it worse?
> 
>> Section 3 mentions YouTube. That is actually a perfect example of what I mean. Sites
>> like YouTube, deviantArt, Flickr, and Wattpad, even Wikipedia provide user-generated
>> content. How are they to decide what is and isn’t “safe”?
> 
> I'm just guessing, but my guess is that they will do it exactly the
> way they do right now.  If you look at https://www.youtube.com and
> scroll to the bottom of the page, you will see a box where it says
> "Safety: Off" or "Safety: On".  If you click it, they show a short
> summary of what it means, 

True, except that with a browser hint, you don’t get to see the site-specific explanation of what “safe” means.

Yoav