Ben Laurie blathering

Microsoft Implement The Evil Bit

Thanks to the Shindig mailing list, I’ve just noticed this gem from Microsoft.

The essence here is that third party sites inside frames might invade your privacy by setting cookies, so IE6, by default, doesn’t let them set cookies. But, if they promise to be good, then it will allow them to be bad. Isn’t that marvellous?

What I think is particularly excellent about Microsoft’s support article is that they tell you how to suppress the behaviour by setting an appropriate P3P policy … but they don’t tell you what this policy really means, nor suggest that you should only set the policy if you actually conform to it.

Of course, you can tell it’s a Microsoft protocol because it takes 21 bytes to do what the original proposal could do in a single bit.

1 Comment

  1. I confess to implementing something similarly stupid for a company that shall not be named. I protested. My protests were ignored.

    The underlying point of view is that security does not matter. The intent is to pretend to solve the problem, rather than actually solve the problem.

    Comment by James A. Donald — 31 Mar 2008 @ 7:18

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress