Well @chrysn@chaos.social, I really appreciate your good intentions and will to fight for users' #privacy.
But I was not talking about you or the few independent developers who still volunteer at #IETF these days.
I was talking about IETF effects on the Internet standards as a whole.
I'm afraid the impact of a few independent engineers is not going to balance the power of organized and well funded #BigTech lobbyists.
As an example, let's stay on topic and look at RFC 9001, "Using #TLS to Secure #QUIC".
All that is said about the impoved ability of the server to identify (and thus track) the user are in two lines about session resumption (emphasys mine):
Session resumption allows servers to link activity on the original connection with the resumed connection, which might be a privacy issue for clients. Clients can choose not to enable resumption to avoid creating this correlation.
Now please notice the
#hypocrisy: the wording is set up as if
clients should opt-in, but it's pretty unlikely that
users will be given a choice between a
personal data leak at protocol level and an imperceptible increase in connection time, in particular with 0-RTT where " Endpoints cannot selectively disregard information that might alter the sending or processing of 0-RTT".
So while I'm pretty curious about
@bagder@mastodon.social's
perspective, I see that
#Google managed to get a protocol designed to thwart user privacy and reduce its own server costs (even just the energy consumed during TLS hadshakes, amount to thousands dollars each day).
This way, if EU would decide to forbid tracking cookies at all, Google would get a competitive advantage over all other
#AdsTech companies.
Now a properly working IETF would have rejected such shit, knowing that it would have been leveraged against people (and democracies) though
#Chrome browsers and
#Android defaults.
CC:
@daniel@gultsch.social @lorenzo@snac.bobadin.icu
