W3C home > Mailing lists > Public > www-tag@w3.org > May 2010

Detecting Browser History from Schneier on Security

From: Jonathan Rees <jar@creativecommons.org>
Date: Fri, 21 May 2010 09:19:18 -0400
Message-ID: <AANLkTikvyaNXGpvHDX3ZhxSuT9WGfu3Rb74u-XLyNpyp@mail.gmail.com>
To: www-tag@w3.org
re ISSUE-31 (metadata in URI), sub-issue secrets-in-URIs

http://www.schneier.com/blog/archives/2010/05/detecting_brows.html
"All major browsers allow their users' history to be detected"

Note
(a) this confirms the claim made in TAG discussion that URIs that one
navigates to are sometimes not well protected
(b) it is taken for granted that this is a bug (privacy breach) that
needs to be fixed, and that can be (i.e. the FF developers think that
protecting URIs is "best practice")

If I understand correctly the attack only applies to guessable URIs.

Jonathan
Received on Friday, 21 May 2010 13:19:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:20 GMT