hey, sorry if I came across like that.
It's just that I feel you're proposing better metrics, and I feel that metrically, that mitigation seems like the thing to do (one problem down, only a potential problem appears).
Could you explain your metric? How's not doing that better?
Conversation
I'm stating the obvious, which is that if a feature does not provide quantifiable privacy or security benefits it isn't actually a real privacy or security improvement. Breaking very specific legacy code is a much different thing than fundamentally improving privacy or security.
1
hey, don't call it obvious if the village idiot (that's me!) doesn't understand it ;)
And I still don't see how "it breaks a class of malicious sites" isn't quantifiable. That's simply a false statement, if you ask me.
1
It was trivial to detect Incognito mode, and it's at least as trivial to do it as it was before. The browser project has more attack surface and maintenance burden along with the opportunity cost from taking this approach rather than making real improvements with those resources.
2
As software, Chromium is not more private or more secure. It's slightly more complex and harder to maintain. It's not better positioned than it was before to address this, if they deem it to be something worth properly addressing in a meaningful way.
1
It doesn't break a class of malicious sites. That's a misrepresentation of it. The only thing that it accomplished is a one time adjustment by the adversaries. It only addressed one way this was being detected, and they had the time they needed to adjust. Code is still there.
1
Metric that breaking things for one evil agent for a limited amount of time is worse than letting that actor do what it's doing, including the cost of implementing that mitigation, please.
You're beating around the bush.
1
Incognito is no harder to detect than before. There is no way to present the software as having improved privacy. The adversaries weren't prevented from doing it for any period of time. They weren't even inconvenienced in any substantial way but rather had to update a library.
1
yes, so they had to update a library, and that means the attack didn't work for a period of time. That's quantifiable, and you're acting like it isn't.
You're a proponent of setting goals and measuring success in metrics of goal achievement, but if your declared goal was privacy
2
then you can't just ignore a mitigation because it's "short time effective only".
You might need to come up with a software engineering model to remove these mitigations once a broader solution is found, definitely.
1
It was never effective. There was never any period of time where Incognito mode was not trivial to detect. It wasn't effective in the short term, and the code is also around for the long term. As I mentioned, Safe Browsing is the short term enumerating badness approach, not code.