undefined | Better HN

0 pointsquickthrower25y ago0 comments

Remove cookies from the HTTP specification, and more importantly, browsers.

Replace it with a single "session token" value that you are allowed to set. Can only be created in response to a form post. No cross domain.

Make all the other web API stuff an smartphone-style opt in. "This app requires the following permissions: "Store private data in your browser. Only do this for site you trust as this can be used to track you." etc.

Maybe all the above can be made into an extension as a stop gap.

0 comments

TeMPOraL5y ago

Ironically, cookies were GDPR-compliant when first created, and they envisioned the problems they're causing today. Hell, parts original cookie specs read very much like GDPR. It's just got corrupted over time by advertisers. Perhaps the best option today would really be to just rip them out entirely.

j / k navigate · click thread line to collapse

0 pointsquickthrower25y ago0 comments

Remove cookies from the HTTP specification, and more importantly, browsers.

Replace it with a single "session token" value that you are allowed to set. Can only be created in response to a form post. No cross domain.

Maybe all the above can be made into an extension as a stop gap.

0 comments

TeMPOraL5y ago

j / k navigate · click thread line to collapse