Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>How can you bypass something that is not a barrier?

So if tomorrow Chrome uploads all your keystrokes to Google, will that be a valid defense?

>P3P means "we would never..." in computer speech which is unenforceable therefore useless.

Stopping Chrome from uploading your bank passwords with today's update is unenforceable as well and hence thereby useless.



Right. So if you are afraid of that then don't use Chrome.

And if you are afraid that cookies can be used for tracking then disable them in your browser.

P3P imho is useless because people whom I don't want to be tracked by will serve all the reassuring tokens in P3P and do whatever they want anyway.

I want my +1 buttons to work and if that means pulling curtain on some security theater then so be it.


I see this as a predominantly moral issue. Google seems to expose itself as the people whom I don’t want to be tracked by by engaging in shady behavior. That is exactly the problem.

Yes, anyone who wants to can circumvent it anyway, but that doesn’t stop us from judging those who do so negatively†. Google can be held accountable in this case (by, for example, complaining loudly about what they do) and there is nothing wrong with doing so. Just because it’s possible doesn’t mean it’s right.

That the protocol sucks is in that context a separate and unrelated issue. It may be security theater, but that doesn’t make Google’s behavior any more moral†.

† Insert clever analogy here. I’m too lazy to think about one, though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: