W3C home > Mailing lists > Public > www-tag@w3.org > September 2011

Re: Amazon Silk

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 29 Sep 2011 13:20:03 -0400 (EDT)
To: Mark Nottingham <mnot@mnot.net>
cc: www-tag@w3.org
Message-ID: <alpine.DEB.1.10.1109291313140.12177@wnl.j3.bet>
On Wed, 28 Sep 2011, Mark Nottingham wrote:

> None of this is genuinely new; technically, it was just as possible for an 
> ISP to interpose a transparent proxy and mine the data flows 15 years ago. 
> Except for the SSL bit (unless they can get you to click through and install 
> a CA or ignore an alert).

Well, as content is rewritten, https links might as well be rewritten to 
something that ends up on only one proxy server (potentially using SSL to 
show that it is "safe"). So while SSL itself is ok, the rewriting makes 
the use of SSL being potentially masking hijacking.

> If I were to be of a political bent, I'd notice that in the "developed" 
> world, corporations are taking on the role that we frown upon so much in 
> "less developed/free/enlightened" governments.
>
> I will reiterate (for the nth time) that it would be valuable for the W3C to 
> specify what a "browser" is, in the sense of what protocols, formats and 
> standards it supports and uses when you feed it a URL. Then it could point a 
> finger at Amazon and say "that's not a browser, and it's bad because..."

Note that even it specifying what a "browser" is, specifying what those 
Content-Transformation proxies can/should do was captured in a WG Note [1].

[1] http://www.w3.org/TR/ct-guidelines/

-- 
Baroula que barouleras, au tiƩu toujou t'entourneras.

         ~~Yves
Received on Thursday, 29 September 2011 17:20:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:48:39 GMT