Comment by rickcarlino

I’m pretty sure they talk about privacy directly in the spec, but I haven’t read the spec in years. Going off the top of my head, they had the decision to not include things like user agent headers or anything that resembles a cookie specifically with the goal of preserving privacy. There is also the obvious point of the protocol not supporting raw TCP sockets and requiring encryption by default.