by daveoc64 1472 days ago
What is the "better way" here?

There is a legitimate use case for having login/identity stuff on a different domain - many of the largest companies in the world are doing this.

How can this issue be solved without either confusing users through the requestStorageAccess API, or forcing everyone to use a single domain for everything?

1 comments

Right, Total Cookie Protection has been baking for a while to try to minimize that kind of breakage, and we're already in discussions with other browser vendors and companies to get everyone on board on the Privacy CG.

In a nutshell, adding new case-specific web APIs seems to be the likely way forward here. There are proposals floating around like an "is logged in" API, the Federated Credential Management API, and so on.

I'm not sure there's ever going to be a perfect solution for everything, but I would certainly rather have users more informed and empowered about their privacy than they currently are (even if some folks prefer to just "allow all").

I guess we'll just have to wait and see which proposals win out, and in the meantime rely on heuristic-based solutions like Total Cookie Protection to iteratively get us to a better place.