
Re: Explicit intents privacy concern

From: Greg Billock <gbillock@google.com>
Date: Tue, 24 Jul 2012 08:47:15 -0700
Message-ID: <CAAxVY9cgNyGcvZbDNE2hczp62-07LwWjpi2YNjy+0t7-qzasgA@mail.gmail.com>
To: Deepanshu Gautam <deepanshu.gautam@huawei.com>
Cc: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "paulkinlan@google.com" <paulkinlan@google.com>, "public-web-intents@w3.org" <public-web-intents@w3.org>
On Mon, Jul 23, 2012 at 5:51 PM, Deepanshu Gautam
<deepanshu.gautam@huawei.com> wrote:
> The client site (Image Manager) may not be hostile, but the service site (Image Editor) it sends my data to can be something I *don't like* or something I don't trust. As long as my data is with the client site it is not compromised.

When using an explicit intent, the client site is integrating with a
particular service. If they can't use web intents to get your data
there, they can use another method. The point being, there are many
ways for this data transfer to happen once the client has the data. I
don't see the argument yet for closing it off for explicit intents.

> Regards
>
> Deepanshu Gautam
> Senior Engineer, Service Standards, Huawei
> O: +86 25 56620008 M: +8613585147627
>
>> -----Original Message-----
>> From: Greg Billock [mailto:gbillock@google.com]
>> Sent: Tuesday, July 24, 2012 4:59 AM
>> To: Frederick.Hirsch@nokia.com
>> Cc: paulkinlan@google.com; public-web-intents@w3.org
>> Subject: Re: Explicit intents privacy concern
>>
>> Sure, but the attacker here is the client site -- which by definition
>> already has the data. The point being, if that site is hostile, the
>> data is already compromised before an intent is ever invoked.
>>
>> On Mon, Jul 23, 2012 at 1:29 PM,  <Frederick.Hirsch@nokia.com> wrote:
>> > Yes, the major concern is that the data reaches a site without user consent or involvement.
>> >
>> > The approach discussed in the face-to-face, the "speed bump", is not to pass the data with this initial connection, allowing a user to go "back" without sharing data.
>> >
>> >
>> > regards, Frederick
>> >
>> > Frederick Hirsch
>> > Nokia
>> >
>> >
>> >
>> > On Jul 23, 2012, at 2:20 AM, ext Paul Kinlan wrote:
>> >
>> >> My general thought would be that this is mitigated by the fact that we can deliver data asynchronously, and if required get the user's approval to let the data in to the service app.
>> >>
>> >> I think some of the worry is that I don't have the service installed, because I don't know where the data is going when I click on the button in a client page. It might open up Facebook or G+ and I might find my data being visible to these abhorrent; it might be worse to the user if the service invoked is a site that is completely untrusted.
>> >>
>> >> P
>> >
>
Received on Tuesday, 24 July 2012 15:47:48 GMT
