Tuesday, March 10, 2009

Privacy first? No thanks, give me the standard behavior

Speaking of feedback from you early Telsters (love the name!), you've overwhelmingly voted against our assumption that you'd prefer automatic privacy login over having a nice URL.

Here's the issue as it purely relates to the Web proxy of a .tel, and it is mostly due to security features of cookies handling: When you hit for example http://henri.tel, you'll be "redirected" to a server under the domain webproxy.nic.tel. The reason behind that is twofold: one, we're load balancing with unicast to the closest server farm; and two, we have to move you over to the nic.tel domain so that the Telfriends cookies work across all .tel domains.
The "redirection" is still to the same IP address and server farms, and allows the viewer of a domain who's logged in to Telfriends to automatically stay logged in whatever .tel domain he's viewing, and see private data for his friends automatically (via his nic.tel cookie). If cookies could be global to .tel (and not to mydomain.tel), we wouldn't be having this problem.

That said, an overwhelming majority of Telsters want and expect to see yourname.tel on the URL bar. Clearly understood. So what we're going to do first is give up the automatic Telfriends login: a user will need to click once to initiate the login (but won't need to reenter his credentials) and won't see the private data unless he effects the click.
With that in mind, we won't be required to redirect to a nic.tel domain to pick up the Telfriends cookie. And we can then work on determining how to handle a change to the load balancing that won't generate a url change.

More tech updates on this as we dig deeper and decide on the best approach.

Note: of course this only applies to viewing .tel data from the Web. Native apps that grab the data directly from the DNS are not affected.

No comments: