this post was submitted on 06 Sep 2024
30 points (91.7% liked)

Firefox

17815 readers
8 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
30
Why doesn't Firefox implement Private State Tokens? (reddthat.com)
submitted 1 month ago by 101@reddthat.com to c/firefox@lemmy.ml
5 comments fedilink hide all child comments
 

As far as my understanding go, Private State Tokens is supposed to be a huge improvement over cookies in terms of security and privacy, which make ask about the reason they are not implemented on Firefox.

you are viewing a single comment's thread
view the rest of the comments
[–] CountVon@sh.itjust.works 51 points 1 month ago (1 children)

Private State Tokens are Google's implementation of the IETF Privacy Pass protocol. Apple has another implementation of the same protocol named Private Access Tokens. Mozilla has taken a negative position against this protocol in its current form, and its existing implementations in their current forms. See here for their blog post on the subject, and here for their more in-depth analysis.

[–] isVeryLoud@lemmy.ca 1 points 1 month ago (1 children)

tl;dr why have they taken a stance against it?

[–] CountVon@sh.itjust.works 2 points 1 month ago (1 children)

Tl;Dr the protocol requires there to be trusted token providers that issue the tokens. Who do you suppose are the trusted providers in the Google and Apple implementations? Google and Apple respectively, of course. Maybe eventually there would be some other large incumbents that these implementers choose to bless with token granting right. By its nature the protocol centralizes power on the web, which would disadvantage startups and smaller players.

[–] isVeryLoud@lemmy.ca 1 points 1 month ago

Ah yes, the RCS problem. Thanks for the clarification!