W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: Reminder: RfC: Last Call Working Draft of Web Workers; deadline April 21

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 20 Apr 2011 15:41:28 -0700
Message-ID: <BANLkTikSW3-=DrM3La-E_7d7hzM5Vzgwog@mail.gmail.com>
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: Travis Leithead <Travis.Leithead@microsoft.com>, Arthur Barstow <art.barstow@nokia.com>, "public-webapps-request@w3.org" <public-webapps-request@w3.org>, Adrian Bateman <adrianba@microsoft.com>, public-webapps <public-webapps@w3.org>
On Wed, Apr 20, 2011 at 3:19 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
> On Wed, Apr 20, 2011 at 3:13 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>> On Wed, Apr 20, 2011 at 12:54 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
>>> Please correct me if I'm missing something, but I don't see any new
>>> privacy-leak vectors here.  Without Shared Workers, 3rdparty.com can
>>> just hold open a communication channel to its server and shuttle
>>> information between the iframes on A.com and B.com that way.
>>
>> Not if the user disables third-party cookies (or cookies completely), right?
>
> No, what I described is independent of cookies.  You just have to use
> basic long-polling techniques, so the iframe on A.com sends a message
> to the server, and the server then passes that message to the iframe
> on B.com.

But how does the server know to pair the two incoming connections and
forward data between them? If 50 users visit these sites, all the
server sees is 100 incoming connections with no idea which are coming
from the same user.

/ Jonas
Received on Wednesday, 20 April 2011 22:42:25 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:44 GMT