- From: Glen <glen.84@gmail.com>
- Date: Mon, 13 Apr 2015 10:52:33 +0200
- To: Maxthon Chan <xcvista@me.com>, Jim Manico <jim@manico.net>
- CC: Yoav Nir <ynir.ietf@gmail.com>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Guys, emphasis on "Silly" examples. My point was that it is good to be reminded when submitting data over HTTP, and things that may seem public to you are private to others. Glen. On 2015/04/13 09:51, Maxthon Chan wrote: > Even with a company-assigned laptop it probably won’t raise much flags if a tech-savvy employee installed some virtual machine software on it and just say I have Ubuntu on VirtualBox on my machine and what would happen if the Ubuntu installation detected the MITM? > >> On Apr 13, 2015, at 00:18, Jim Manico <jim@manico.net> wrote: >> >>> - I'm submitting my CV from my current work place, who monitor traffic, and I don't want them to find out. >> Well even over HTTPS your big-company-employer owns you. They likely assigned you a laptop, they likely have a local CA whose public cert is installed in your browser as a local authority and now they can MITM all of your HTTPS traffic - even through HPKP - even gmail with Googles pinning in place in Chrome is plaintext to your employer. That's just the way of the world, right? >> >> But I still like this idea Glen, I'm just critiquing that one example. >> >> -- >> Jim Manico >> @Manicode >> (808) 652-3805 >> >>> On Apr 12, 2015, at 2:23 AM, Glen <glen.84@gmail.com> wrote: >>> >>> That's a good point. However, at the end of the day, what one person thinks is confidential may not be the same to somebody else. >>> >>> Silly examples: >>> >>> - I'm searching about some embarrassing illness, and I don't realize that someone may be tracking this information. >>> - I'm submitting my CV from my current work place, who monitor traffic, and I don't want them to find out. >>> >>> Without a warning you may not think about this. >>> >>> Yes, passwords, CC numbers, ID numbers, etc. are more private, but where do you draw the line? What about my physical address? >>> >>> At a *minimum*, this type of warning should be displayed when submitting a form that contains a password field. Unfortunately, there are no built-in input fields for other types of private data, and checking for common labels might not be that easy or effective. >>> >>> Yes, many people will hit "ignore" without even reading the prompt, but you can never control that, and if their information is compromised, it's their fault entirely. >>> >>> They could ignore future warnings for a particular form (based on the form action), the entire domain, or everywhere. >>> >>> Glen. >>> >>> On 2015/04/12 00:20, Yoav Nir wrote: >>>>> On Apr 11, 2015, at 11:45 PM, Jim Manico <jim@manico.net> wrote: >>>>> >>>>> >>>>> But Glen, your idea is still awesome. I think any form post over HTTP should provide the user with a pretty dramatic warning to not hit submit or at lest explain the risk similar to Chromes current pinning warning. >>>>> >>>> As others have said, browsers did try that. It certainly makes sense to warn if I’m about to submit my credit card number, social security (or equivalent), and other personal information. >>>> >>>> But any text box is a form. You can’t search Wikipedia without submitting a form. Doing what Glen suggests means that Wikipedia has to go to HTTPS or else have the users receive a warning when they search. So you’d have to have some “don’t bother me again” checkbox on the warning dialog, and that trains users to click this all the time, because you see that dialog box pretty much on any HTTP site. This is a common issue with every kind of UI warning that is most of the time a false positive. >>>> >>>> Ultimately, unless it’s secret (like a password or a CC number), I don’t think what you send is any more or less sensitive that what you receive. >>>> >>>> Yoav >>>> >>>> >>>>
Received on Monday, 13 April 2015 08:53:06 UTC