Disrupting the internet

#The internet currently sucks

I challenged myself to find a way to rid the internet of those annoying browser cookie warnings. The best way would be to get rid of cookies altogether because then those warnings wouldn't be needed anymore, right?

Well, we don't have to get rid of them completely. Cookies use browser-based storage but also require explicit user permission on a domain-by-domain basis. Thanks to the EU and its well-intentioned but poorly implemented legal policies, the web has become a wasteland of cookie permission request roadblocks.

#Introducing HTTP-DRUID

So here's a crazy idea...

Instead of using existing devices such as domain-generated cookies, sessions could instead rely on a similar browser-generated device.

Instead of the server generating and writing the client to the browser with arbitrary information, the browser generates a "cookie" with an ID unique to the visiting domain.

Those are the only differences: browser-generated and storing only a unique identifier instead of arbitrary information.

#Benefits to HTTP-DRUID

A Domain Restricted Unique Identification Device (DRUID) would be just another HTTP header (that's really what cookies are). DRUID strings would be frictionless and would not require any setup or acceptance by users because they are automatically generated by the client (their browser) they're using. They also form part of web requests since they'd be HTTP headers. This means that they should bypass the EU cookie law so any website that adopts the protocol can scrap their cookie warning banners.

#A passwordless internet

Because users with HTTP-DRUID enabled browsers would be uniquely identifiable by the websites they visit, password-based authentication would no longer be needed. They would be quarantined to their associated website so a DRUID's data wouldn't leak and be visible to 3rd party websites.

Websites would be able to sign users up with a single click, and keep them signed in without client-generated cookies.

Combining this with the Slack-esque magic login link technique, passwords would no longer be required for most web services. An initial HTTP request in a secondary browser to a magic URL (sent to you via email) can allow the web service to append the new DRUID to the user's list of account DRUIDS in the service's database.