Hacker News
by majika 4129 days ago
And here we see the contempt for privacy that some employees of Google hold.

What would you regard as private, pray tell, if it's not being able to access a web page without telling Google (and other advertizing companies) that you're doing so? You regard a pursuit for that freedom as "paranoid"?

Linking is the great power of the Web, and is why it is what it is today. That's all. Scripting is sometimes useful, but more often than not, it's used to enable an industry of services-as-software-substitutes ([1]) to thrive. Cross-site resource requests are not important or valuable (I think they're detrimental), and they are totally replaceable anyway, as you mentioned. As HTTP2 becomes more commonplace, cross-site requests will be replaced in favor of same-site requests. I look forward to that.

[1]: https://www.gnu.org/philosophy/who-does-that-server-really-s...

2 comments

Oh come on, that first sentence is uncalled for.

Cromwellian (while awesome, and someone who never fails to impress me with his writing) is not speaking for Google, or even other Googlers. He is speaking for himself. As is his right, I'd hope you'd agree, even if you (like many) would disagree with some of the things he writes.

(Edit: you changed the first sentence. Which reads better, thank you. Though I would actually still make the case it's far less contemptuous regarding privacy than you suggest. Worth reading deeply, since I think what he is saying is nuanced.)

My first sentence does not imply that he's speaking for Google, or other Google employees. cromwellian is an employee of Google, and I would regard his opinion here as being contemptuous of privacy.

Edit: okay, I see the implication now of me referring to all Google employees in that sentence. I had intended for the plural to refer to "more than one", which I think is a safe bet - but it could also be construed as referring to "all" employees. I've qualified the sentence with "some".

>>> And here we see the contempt for privacy that employees of Google hold

Um... yes it did. You're trying to portray all of the employees of Google as being against privacy, and that's just simply not the case.

Besides that, the argument cromwellian was making is hardly unique to Googlers.

I've held this basic view of the Web far longer than I've been a Google employee (http://timepedia.blogspot.com/2008/05/decentralizing-web.htm...)

I wrote one of the first anonymizing proxy servers for the Web (http://cypherpunks.venona.com/archive/1996/02/msg00885.html) which was later referenced by others (Ian Goldberg references it here: http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www...)

In the early days of Cypherpunks, I collaborated with Hal Finney, one of the founders of the technology behind Bitcoin (http://cryptome.org/2014/09/hal-finney-cpunks-1992.htm). In fact, I sold a startup in 2000 that was based on HashCash, the forerunner to Reliable Proof Of Work/Blockchain.

I wrote one of the first Shamir sharing utilities for Unix, Cryptosplit. I authored one of the first Remailer 2.0 proposals on Cypherpunks, on ways of networks of PGP remailers to defeat traffic analysis. I wrote an anonymous forwarding, and later, a double blind anonymous mailing list software where neither the recipients of the list are known, nor the address of the mailing list itself. (http://cypherpunks.venona.com/archive/1993/09/msg00509.html)

I have been involved in cryptography and privacy since the mid 90s and I care deeply about it. But I am not an extremist. Just like I believe in capitalism, but I am not a libertarian/Objectivist/anarcho-capitalist, and I tend towards progressivism and regulation as reasonable requirements.

There is a fundamental tension between transparency and privacy.

We are heading into a scary world where the cost of cameras, microphones, and networking is going to zero, and the size is tending to zero. That means tracking will be cheap and ubiquitous. We will need to find a way of dealing with the implications of this, without going to live in a log cabin in the woods. Some of that is technological, some of it will be political/legal, and some of it will be cultural.

I love the Web, it's the greatest human invention since the printing press, but I fear for the balkanization of it, and the Internet. We need to tread carefully and not go overboard in being reactionary, lest we hurt the thing we love.

This is not being "contemptuous" of privacy. It's considering the tradeoffs, looking at the threat model, and looking at the cost/benefits of various levels of privacy protection, all the way from "none" to "perfect privacy", and what the repercussions of that might be.

Aside your abstract commentary here is a defense of your argument that the web will lose something valuable if more sites stop directing their visitors' browsers to send requests to advertizing companies and CDNs for resources. I think that's baloney - the web will be better off for it, because it will be faster, more private, and simpler.

No semantic information is lost (except for the semantic information in Google's profile graph - let me play my violin). There's no balkanization, because there's no noticeable difference to end-users (which is why cross-site requests for things like fonts are so nefarious).

The web would provide all the value it currently does, because that value is founded entirely on linking.

You seem to maintain that wanting to achieve private browsing is "paranoid". Can you expand on this belief?

In this particular case, I'm not particularly arguing against it, just in general, the way I see things going.

There are lots of other promising ways that people compose Web services beyond this issue with fonts, services like Stripe or Geo, technologies like the upcoming Web Components, embedding media like Tweets, where I don't particularly think we will be served well by a paranoid model.

Your model of blue-links-only almost entirely prevents the kinds of service composition that almost all sites engage in these days.

It's also not clear it's a net win for speed or security. CDN sites are likely significantly more hardened than most regular sites, and most regular sites don't necessarily scale, or don't want to pay to scale, to reach top performance. That means people cut corners.

Your argument has analogous parallels between static and dynamic linking. That using 3rd party fonts, particularly those of a known personal metadata hoarder, makes the web brittle both in structure and unduly trades the visitors' metadata with a 3rd party. Pages are only faster, not semantically better by serving content from a third party.

I too prefer my pages to be statically linked.