W3C home > Mailing lists > Public > public-tracking@w3.org > April 2012

Re: is a site-wide exception 'safe'?

From: David Singer <singer@apple.com>
Date: Mon, 09 Apr 2012 13:50:01 -0700
Cc: ifette@google.com, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
Message-id: <94424C96-EB15-4D9C-ADDC-C76D6DCF1383@apple.com>
To: Thomas Roessler <tlr@w3.org>
Sure, I shoulda said that if you use insecure communications, you're not just trusting the end-point, but also (perhaps unwisely) everyone in between…

On Apr 8, 2012, at 7:22 , Thomas Roessler wrote:

> On 2012-04-07, at 23:12 -0400, Ian Fette (イアンフェッティ) wrote:
> 
>> While interesting, intermediaries changing the content of the page could wreak all sorts of havoc, such as requesting exceptions for third parties on behalf of what appears to be the original site but is actually the intermediary and not the site. I suggest we treat such issues as out of scope...
> 
> Not just requesting exceptions:  also, changing the content or logic of a Web site badly.
> 
> 
>> -Ian
>> 
>> On Sat, Apr 7, 2012 at 8:00 PM, David Singer <singer@apple.com> wrote:
>> If internet portals can choose to insert ads onto pages that previously did not have them, what this mean for a "site/*" permission from the user?  Exactly whose choice of advertiser are they trusting?
>> 
>> <http://tech.slashdot.org/story/12/04/07/1722201/some-hotspot-operators-secretly-intercept-insert-ads-in-web-pages>
>> 
>> David Singer
>> Multimedia and Software Standards, Apple Inc.
>> 
>> 
>> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Monday, 9 April 2012 20:50:34 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:27 UTC