James, using prompts to have users make choices is a terrible “solution” to the privacy problem. For one, because people don’t read them. For another, because they create security holes (for instance, many currently shipping browsers can be ‘hostaged’ by cleverly applying onbeforeunload, frames, redirection, or some combination thereof). For another, because it inevitably increases fingerprintability. For yet another, because if I have 5 bits of info I need for my website, either the browser will have to show 5 prompts (which is even more terrible UX) or we’ll need to compromise on security (ie access to one thing means access to everything). For yet another, because you’re opening users up to phishing-type things. Anyone can have the prompt say “I need this information to provide you with a better experience”, and then sell the information on. And finally, it seems the draft doesn’t care about authentication, so if the website isn’t using good SSL for all it does, the data will leak to e.g. ISPs, who I’m sure would also be interested…

I don’t see the draft providing any more protection than the prompt. That seems to be the central privacy feature of the draft. To be sure, from a fundamental perspective, if you have information X and you want to make it available to others, you essentially need the user to determine intent and what privacy guarantees the website gives. We as users are notoriously bad at making that judgment.