Re: Simple Suggestion: Privacy Statement

From: Terje Bless (
Date: Wed, Sep 22 1999

Message-Id: <>
Date: Thu, 23 Sep 1999 02:15:22 +0200
From: Terje Bless <>
To: W3C Validator <>
cc: Nick Finck <>
Subject: Re: Simple Suggestion: Privacy Statement

On 22.09.99 at 15:04, Nick Finck <> wrote:

>How about a "Privacy Statement" link at the bottom?  I don't feel
>comfortable typing in a URL like
>"> when trying to
>validate secured pages.

Then don't. If you just ask for <URL:>,
the validator will proxy the authentication request back to you so you'll
get a standard browser authentication dialog. It will also display a
privacy statement of sorts.

>Is the data logged?  If so, is it secured?  What is logged? Who can see
>it?  Does that information get passed out to companies who purchase the
>information?  ..etc, etc.

The data is not logged. It exists in memory for a brief period of time, but
it is never written to any file. Someone with access to the machine could
conceivably manage to sniff out the data (by examining memory structures or
peeking at swap files), but at that point it would be easier to just
replace the validator with your own malicious version.

Of course, you only have Gerald's word that the version you are using is
the same one that the source code has been released for, but I'd tend to
take his word for it. :-)

If you are really paranoid you should download the source and use it
locally. That way you can be sure. OTOH, if you are paranoid you shouldn't
be using HTTP Basic authentication anyway. I'm paranoid, but am I paranoid
/enough/? :-)