Re: Automatic Entry and Forms

Lee Shombert (las@severn.wash.inmet.com)
Mon, 26 Feb 1996 13:01:03 -0500


Date: Mon, 26 Feb 1996 13:01:03 -0500
From: las@severn.wash.inmet.com (Lee Shombert)
Message-Id: <9602261801.AA07294@severn.wash.inmet.com>
To: ajack@corp.micrognosis.com
Cc: las@severn.wash.inmet.com, www-html@w3.org
In-Reply-To: <Pine.SUN.3.91.960226110146.28665A-100000@singhi> (message from Adam Jack on Mon, 26 Feb 1996 11:19:55 -0500 (EST))
Subject: Re: Automatic Entry and Forms

> > In order to implement automatic entry, you must have a personal database
> > that is accessible in a known way.  Any program, not just a browser, will be
> > able to read this database.
> > [...]
> 
> This is patently incorrect. Does your e-mail tool tell the world your
> alias list? No! The tool maintains a private database for you and no
> other application is allowed access to it. 

Actually, it would be quite simple for Netscape to read my ~/.mailrc file
and transmit that to anyone in the world.  

It would be just as easy for any tool to read the c:\netscape\personal.dat
file and transmit it to anyone in the world.

There is no way to disallow access to the browser database except through
encryption.  Remember - you own the file and you own the browser process.
In the absence of encryption my argument stands: the proposal encourages
people to expose personal information to unscrupulous outsiders.

> This topic has suffered from more than its fair share of incorrect 
> extrapolation. Please let's keep the discussion on the proposal
> not on privacy in general.

Should we discuss how to manufacture Olestra and ignore the health issues?
Should we discuss building power plants and ignore the environmental issues?
Should we discuss the web and ignore privacy issues?

I think not.  The original http spec had a section on security.  I think
that the automatic forms entry proposal has serious security/privacy issues
and these had better be well understood by users.  

Rather than attempt to suppress the privacy issue, you would better serve
the proposal by admitting the problem, admitting you cannot fix it, and ending
with a big CAVEAT EMPTOR.  

Better yet would be a solution that protects the information.  But any
solution that depends on good behavior from programs is no solution at all.

                                                  Signing off,
                                                  Lee
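
The point above about owning both the file and the process, as an added example that is not part of the original message: on a POSIX system the permission check on open() looks at the user ID and the mode bits, not at which program is asking, so a file restricted to mode 0600 is still readable by any other program the same user runs. The file name personal.dat comes from the message; the contents, function names and the child process standing in for "any tool" are constructed for illustration.

```python
import os
import stat
import subprocess
import sys
import tempfile

# Constructed sample data standing in for a browser's personal database.
SAMPLE = "name=Jane Example\nemail=jane@example.org\n"


def make_private_db(directory):
    """Create personal.dat with the tightest file mode: owner read/write only."""
    path = os.path.join(directory, "personal.dat")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE)
    os.chmod(path, 0o600)  # make the mode explicit regardless of umask
    return path


def describe(path):
    """Report what the kernel consults on open(): owner and mode bits.
    Nothing in this record identifies the program that is allowed to read."""
    st = os.stat(path)
    return {
        "mode": stat.S_IMODE(st.st_mode),
        "owner_is_me": st.st_uid == os.getuid(),
        "group_or_other_access": bool(st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)),
    }


def read_from_unrelated_program(path):
    """Start a separate process (hypothetical stand-in for any other tool)
    under the same user and have it read the file."""
    code = "import sys; sys.stdout.write(open(sys.argv[1]).read())"
    result = subprocess.run([sys.executable, "-c", code, path],
                            capture_output=True, text=True, check=True)
    return result.stdout


def demo():
    """Return the file's access record and what the second program obtained."""
    with tempfile.TemporaryDirectory() as d:
        path = make_private_db(d)
        return describe(path), read_from_unrelated_program(path)


if __name__ == "__main__":
    info, leaked = demo()
    print(info)
    print("second program read %d bytes" % len(leaked))
```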