- From: Amir Herzberg <herzbea@macs.biu.ac.il>
- Date: Tue, 13 Jun 2006 08:26:29 +0300
- To: Chris Drake <christopher@pobox.com>
- CC: public-usable-authentication@w3.org
Chris Drake wrote: > Hi Amir, > > Either you didn't look at googles demo, or you just got tricked by > that spoof web site? > http://guardpuppy.com/BrowserChromeIsDead.gif > > There is no browser window or popup of any kind shown in the above > picture. It's a <DIV>. It could just as easily be an <IMG> with a > <form> overlaying it via CSS. > Chris, this was very clear to me - in fact, the foils I've presented at the NYC meeting include this attack... OTOH, you may be right, there may already be enough tricks to do persistent user identification, and that may be a good technique. Can you provide a bit more detail or reference to what may be good persistent identifiers? Best, Amir Herzberg
Received on Tuesday, 13 June 2006 05:27:27 UTC