[Date Prev][Date Next][Thread Prev][][Date Index][Thread Index]

Cookie policies

Over the years, the consensus of different major web browsers has been
to be more restrictive about cookie management. Maybe this project
should re-examine its cookie policies. This isn't an area that I
personally have much expertise in, and the subject is worthy of
discussion before suggesting any changes involving major code-writing.

This discussion, or parts of it, may also need to involve the parent w3m
project...

For a simple start:

1) Variable `w3m-cookie-save-cookies' currently defaults to `t', meaning
   that emacs-w3m saves cookies to disk when it exits. From what I
   understand, this is the opposite of what modern browsers do.

2) I'm not even sure modern browsers even have an option to store
   cookies to disk *ever*. Should w3m/emacs-w3m continue to support a
   disk-based cookies file?

3) Months ago, the European Union enacted the GDPR law which includes a
   requirement that websites ask the user's permission before using
   cookies. But that seems to be done in practice using javascript,
   which emacs-w3m doesn't support. Are the cookies being accepted /
   used / stored?

4) Emacs-w3m already has certain conditions in which it asks the user
   whether to accept cookies. Should that be changed to become the
   default for *all* cookies?

5) Modern browsers have begun to automatically delete cookies when
   leaving a domain, even though the browser process remains. Should
   emacs-w3m do so? Should the policy be when the current tab exits the
   domain (strict) or when the last tab exits the domain (lenient)?

6) How about adding to the header line of all emacs-w3m buffers a short
   indication whether that particular page is using cookies? What I'm
   imagining is to replace the word "Location: " with "URL: ", and
   prefix it with one of the two unicode cookie emojis (🍪🥠) (C-x 8
   <ret> cookie) along with an integer, the whole prefix colored green
   if the integer is zero, red otherwie. For example:

       🍪99 URL: http://emacs-w3m.namazu.org/

   I suppose we could do something similar for the presence of <script>
   elements or other indications of attempts to load javascript...

       🍵99 🍪99 URL: http://emacs-w3m.namazu.org/

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0