[onion2k]

30 day timeout? I'm getting pretty fed up of re-logging into websites already over the last couple of years.

Users having to log in to a website 12 times a year, or 13 times in a bad year, is a price worth paying to improve privacy and security across the internet.

[sambe]

I'm not sure why you'd think you should make a statement on behalf of everyone. If you are happy with this trade-off, you are free to make it.

The 30-day timeout is for Storage Access API - cookies expire much more often already.

As I said, there is an accumulation of productivity harms. My claim is that the pro-privacy solutions are not good enough relative to the problems they cause (and their effect on improving privacy is also debatable).

[stickfigure]

I think the concept is good, I just think 30 days is too short. Make it 60 days and now we're talking 6 times per year, much more reasonable. Make it 90 days and I don't think anyone will notice.

This is going to affect every user of every website using federated auth. That's a lot of buttonclicking to add to the universe.

[mFixman]

According to Firefox I have 217 saved logins in different websites.

Even if I only used a fifth of them once a month, I wouldn't want to re-login 521 times every year. This is a big UX decline for pretty much zero privacy gain.

[kevincox]

I disagree. This is making a significant UX downgrade to a core workflow while making the tiniest blip on tracking. (Oh no! You lose cookies every 30 days)