I'm stating the obvious, which is that if a feature does not provide quantifiable privacy or security benefits it isn't actually a real privacy or security improvement. Breaking very specific legacy code is a much different thing than fundamentally improving privacy or security.
Conversation
hey, don't call it obvious if the village idiot (that's me!) doesn't understand it ;)
And I still don't see how "it breaks a class of malicious sites" isn't quantifiable. That's simply a false statement, if you ask me.
1
It was trivial to detect Incognito mode, and it's at least as trivial to do it as it was before. The browser project has more attack surface and maintenance burden along with the opportunity cost from taking this approach rather than making real improvements with those resources.
2
Ok, I really need to stop getting sidetracked here, and ask the central questions more directly:
· What's the metric that says this mitigation has negative effect, aside from the Daniel-says-so metric?
1
More code, more complexity, time spent by developers and users further misled about what Incognito provides and is intended to provide. It's no harder for someone to detect Incognito compared to before so as software the browser doesn't provide any additional privacy than before.
1
There isn't an unlimited budget for privacy and security features. Substantial resources were dedicated to do something that doesn't work, and resources will continue to be allocated to it since it's part of the software project. It reduces the time spent on actual improvements.
1
Seriously, metric. How is time better spent on fixing potential issues than fixing one that is acute, now.
1
The metric is that Incognito is no harder to detect than before. No issue was fixed. No problem was addressed. The code is larger, more complex and harder to maintain. This change was not part of a path to addressing the problem. It has no place in a solution. It's not progress.
1
Number of privacy issues addressed: 0. Number of security issues addressed: 0. Increase in difficulty of detecting Incognito: 0. Is what you want the lines of code added, number of Chromium developers who spent time on it, number of misleading news stories published, etc. ?
1
You're plain wrong. That mitigation fixed a privacy issue, for a limited amount of time. that's a 1 in place of your first 0, and also in your third 0.
Just because you don't like short-term effective code (nobody does) doesn't mean things didn't work.
1
No privacy issue was fixed. Incognito mode could be trivial detected, and it can still be trivially detected. The mitigation was not effective in the short term, and you're simply being incredibly disingeneous and dishonest at this point since you don't have any real arguments.