On Fri, Oct 24, 2014 at 10:49:08PM +0300, Yoav Nir wrote: > > no way to use it properly. The drafts does not specify what “safe” > content is and what “unsafe” content it, and some people treat this > as an advantage. Not as an advantage, but the whole point of the feature. > The result is that there’s no way for a content > provider to know what a user means when their browser emits the > “safe” hint, and no way for the user to know what kind of content > they are going to get. This is true. It is also what is the case on the Internet today. Suppose the feature, instead of being called "safe", was called "userflag". Sites had a local policy that provided one set of functionality when userflag=1 and a different set of functionality when userflag=0. What the policy was varied from site to site, and it was up to users to know, for any site, what the policy would be if they turned userflag on. But once they did, then they'd get the userflag-enabled service from that site. "Ah," you might reply, "but what the user actually wants is a fine-grained preference control system. So the userflag feature is stupid and bad and we should prevent it." Moreover, suppose that there already was a mechansism that permitted a user to expose all the things that he or she did and did not want to experience in using a site, and that its main problem was that nobody used it. The story above is roughly what we have here. There is already at least one well-specified, comprehensive vocabularly for you to express all the things you think to be safe and non-safe: http://www.w3.org/PICS/. It is, in commercial terms, almost a total failure in the sense that it's too hard to use and doesn't solve the problem people think they have. As a result, sites offer a "safe mode" that does whatever it is that the site does. It isn't anything that I personally find at all useful, and I think that trusting sites to have the same judgement as I do suggests a touching faith in humankind. But the full-bore system is already there, it doesn't get used, and people are already using this one-bit style of approaching the problem. All the draft does is say, "If you're going to use this one bit style, please signal it thus." If the goal is interoperability on the Internet, it seems to me that getting all the dumb ways to "protect" yourself to signal "dumb protection, please" the same way is a good thing. Best regards, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxxxxx