
Comment by Brian_K_White

13 hours ago

You are trying to express something that is logically impossible. Not technically difficult or socio-economically difficult to get companies to agree to or get users to care about, simply not a valid string of words.

There is no way not to send information back to the host.

Merely requesting a document is sending information to a host.

I don't mean all the extra metadata in the request header or cookies, let alone all the functionality in javascript or wasm or plugins, I mean nothing more than the name of a document, the bare minimum info required to get something you want it to give you.

If you want me to give you an apple, at the very least you have to tell me to give you an apple.

It all started with nothing more than that bare function, and we don't even want any less than that.

You do need to be able to request a document, and there is no way for a client to prevent a server from replacing a simple static document with a cgi script that performs logic based on the file name. Even without the extra cgi query string, just a document name itself.

But about query strings... there is no way to make a typical query string illegal anyway. It's all just strings of characters. Anything can be encoded within anything else. If you try to make a system that makes say the & and ? characters illegal, that accomplishes exactly nothing.

You just pick any sequence of legal characters and interpret those in place of the old ? and &, and = and % and anything else you want that doesn't look like part of a legal file or document name.

The special encoded characters can even be different for each document, even different for each request. It's not possible to make a rule that prevents it.

Let's go totally off the deep end and say that you aren't even allowed to make up your own file names any more. All documents on earth have known names in a whitelist. You can't encode anything because every valid document has a known name and known content. Then you can still encode information in the pattern of access. Requesting file A followed by file F means something extra to you and the server.

But don't take my naysayer defeatist lack of imagination word for it. Go ahead and try to actually explain how the system should work.

Ok tone it down a little.

Caching, distributed sharing, the lack of a redirect mechanism or cookies all can contribute particularly if the goal is kneecapping surveillance but not the platonic ideal of secrecy.

For example, you can't do very much surveillance with DNS or bittorrent.
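An added illustration, not part of the thread, of the comment's two points: a rule that bans `?`, `&`, `=` and `%` still lets a plain document name carry parameters, and a fixed whitelist still leaks data through request order. The filter rule, the `--` / `-is-` delimiters, the four-document catalogue and all function names are assumptions made up for this sketch.

```python
import re

# Assumed "legal document name" alphabet; ?, &, = and % are not in it.
NAME_RE = re.compile(r"[A-Za-z0-9._/-]+")

def client_allows(path):
    """Hypothetical client rule: only plain document names may be requested."""
    return NAME_RE.fullmatch(path) is not None

def encode_in_name(doc, params):
    """Carry key/value pairs using legal characters only: '--' stands in
    for '&', '-is-' for '=', and values are hex so any byte survives.
    Assumes keys and doc contain no '-' themselves."""
    pairs = [f"{k}-is-{v.encode().hex()}" for k, v in params.items()]
    return "/" + "--".join([doc] + pairs) + ".html"

def server_decode(path):
    """What a script behind the 'static' name can recover from it."""
    stem = path.lstrip("/")[: -len(".html")]
    doc, *pairs = stem.split("--")
    params = {}
    for pair in pairs:
        key, _, hexval = pair.partition("-is-")
        params[key] = bytes.fromhex(hexval).decode()
    return doc, params

# Constructed fixed catalogue: every name and its content is known in advance.
WHITELIST = ["/a.html", "/b.html", "/c.html", "/d.html"]

def encode_in_order(value, n_requests):
    """Each request picks one of four documents, so it carries two bits."""
    return [WHITELIST[(value >> (2 * i)) & 3] for i in reversed(range(n_requests))]

def decode_from_log(paths):
    """The server reads the same value back from its access log."""
    value = 0
    for p in paths:
        value = (value << 2) | WHITELIST.index(p)
    return value

if __name__ == "__main__":
    path = encode_in_name("article", {"uid": "42", "ref": "a&b=c"})
    print(path, client_allows(path), server_decode(path))
    seq = encode_in_order(45, 4)
    print(seq, decode_from_log(seq))
```

Both channels pass the character filter unchanged, which is why the reply's suggestions (caching, distributed sharing) aim at who sees the request rather than at what characters it may contain.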