Re: Last Call: <draft-nottingham-safe-hint-05.txt> (The "safe" HTTP Preference) to Proposed Standard

[Doug Barton <dougb@dougbarton.us>]

On 11/16/14 6:10 PM, John Levine wrote:
>> The only thing I see wrong with this is the one bit. I would prefer to
>> see one byte, with a standard meaning developed for the bitmask.
>
> We've had multiple attempts to do multi-factor web content filtering,
> such as PICS.  All of them have failed to gain any acceptance.  Can
> you tell us in more detail why it would be useful to go through a
> similar exercise again?

Because this time around there is actual traction for doing $something, 
so one could easily argue that taking advantage of that traction to do 
something more useful than one bit is a good plan.

> Please keep in mind that two of the three most popular browsers in the
> world, and the #2 search engine, have already implemented exactly
> what's in this I-D, so it is in production use now.

... and as has been repeatedly pointed out to you, all of the popular 
search engines have cookie-based options with a much more fine-grained 
approach than "on" or "off." So clearly there is a demand for more 
granularity, because *they are already doing it.*

That said, I read Mark's response to Joseph Hall that more than one bit 
can also lead to more granular data mining efforts that might help 
unscrupulous sites guess the age of the person behind the keyboard (or 
guess more accurately).

Mark, can you respond to this point in more detail? Specifically, given 
that there are already more-granular cookie-based solutions which are 
nearly universally deployed, how much does preventing granularity in the 
initial signal to the site help avoid this pitfall?

Doug