- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Thu, 30 Jun 2011 16:53:29 -0400
- To: www-style@w3.org

On 6/30/11 4:42 PM, Glenn Adams wrote:
> So, as I've previously said, this is only about content protection
> mechanisms and their enforcement. There is no security risk on the part
> of the end user

Let's be concrete here. Say you're the user. You have a document up on Google Docs. This document is not public. You have to be logged in as yourself to access it.

Is there risk on your part if some random website can read the document just because you happen to visit it while logged in to Google Docs in another browser window?

If not, then I think we're done here: we fundamentally disagree on what constitutes risk to users.

If there is risk to the user in this situation, then does it matter what form of document it is? Word document, spreadsheet, image, HTML page, something else? If it does not, then what's special about fonts? If it does matter, then why?

The fact is, cross-site access to resources that can only be gotten with the user's credentials leaks information about the user to third parties. This is a security risk on the part of the user.

-Boris

Received on Thursday, 30 June 2011 20:54:11 UTC