<div class="gmail_quote">On Mon, Dec 14, 2009 at 1:36 PM, Peter Watkins <span dir="ltr"><<a href="mailto:peterw@tux.org">peterw@tux.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Mon, Dec 14, 2009 at 11:32:40AM -0800, John Panzer wrote:<br>
> On Mon, Dec 14, 2009 at 11:21 AM, Peter Watkins <<a href="mailto:peterw@tux.org">peterw@tux.org</a>> wrote:<br>
<br>
</div><div class="im">> > I<br>
> > don't want the data-hungry folks at Facebook noticing that I'm logged<br>
> > in to the Greenpeace or National Rifle Association unless I explicitly<br>
> > approve letting Facebook know that.<br>
<br>
</div><div class="im">> (Note that<br>
> even today, you may be able to use visited-link color hacks to determine<br>
> what OPs a user has recently frequented; statistically speaking you can<br>
> already get the information you're worried about.)<br>
<br>
</div>I call that the "Grandfather Clause" Fallacy, and I see it pretty often.<br>
Your argument is that because there's already an exposure (due to<br>
unintentional consequence of DOM/Javascript interaction), it's OK to build<br>
new systems & specs that are known to have the flaw from day one. You're<br>
arguing that the privacy flaw exhibited in the link status checking should<br>
be "grandfathered" in.<br>
<br>
Why not raise the bar, and make the web a *better* place instaed of settling<br>
for today's lowest common denominator?<br></blockquote><div><br></div><div>The part of my response that you cut out argued for exactly that.</div><div><br></div><div><br></div></div>