Re: Simple Suggestion: Privacy Statement

On 22.09.99 at 15:04, Nick Finck <nick@whitehorse.com> wrote:

>How about a "Privacy Statement" link at the bottom?  I don't feel
>comfortable typing in a URL like
>http://username:password@www.domainname.com/etc/etc/ when trying to
>validate secured pages.

Then don't. If you just ask for <URL:http://www.domainname.com/etc/etc/>,
the validator will proxy the authentication request back to you so you'll
get a standard browser authentication dialog. It will also display a
privacy statement of sorts.


>Is the data logged?  If so, is it secured?  What is logged? Who can see
>it?  Does that information get passed out to companies who purchase the
>information?  ..etc, etc.

The data is not logged. It exists in memory for a brief period of time, but
it is never written to any file. Someone with access to the machine could
conceivably manage to sniff out the data (by examining memory structures or
peeking at swap files), but at that point it would be easier to just
replace the validator with your own malicious version.

Of course, you only have Gerald's word that the version you are using is
the same one that the source code has been released for, but I'd tend to
take his word for it. :-)

If you are really paranoid you should download the source and use it
locally. That way you can be sure. OTOH, if you are paranoid you shouldn't
be using HTTP Basic authentication anyway. I'm paranoid, but am I paranoid
/enough/? :-)

Received on Wednesday, 22 September 1999 20:18:37 UTC
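The challenge pass-through described in the reply above, as an added sketch; it is not part of the original message and is not the validator's own code. The names `relay`, `strip_userinfo` and `demo_fetch`, the realm, and the login are hypothetical and constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit

def strip_userinfo(url):
    """Drop any user:password@ part so it never reaches a log or error page."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc.rpartition("@")[2], p.path, p.query, p.fragment))

def relay(url, client_headers, fetch):
    """Fetch url for the client, passing authentication through both ways.

    fetch(url, headers) -> (status, headers, body) is a hypothetical upstream
    fetcher. The credential lives only in local variables and is never written out.
    """
    upstream_headers = {}
    auth = client_headers.get("Authorization")
    if auth:
        upstream_headers["Authorization"] = auth
    status, headers, body = fetch(strip_userinfo(url), upstream_headers)
    if status == 401:
        # Relay the origin's challenge unchanged: the user's browser then shows
        # its own authentication dialog and retries with an Authorization header.
        return 401, {"WWW-Authenticate": headers.get("WWW-Authenticate", "")}, b""
    return status, {}, body

# Constructed stand-in for a protected origin server (realm and login are made up).
EXPECTED_AUTH = "Basic " + base64.b64encode(b"alice:s3cret").decode()

def demo_fetch(url, headers):
    if headers.get("Authorization") != EXPECTED_AUTH:
        return 401, {"WWW-Authenticate": 'Basic realm="demo"'}, b""
    return 200, {}, b"<html>protected page</html>"

if __name__ == "__main__":
    target = "http://www.domainname.com/etc/etc/"
    print(relay(target, {}, demo_fetch)[:2])                           # challenge relayed
    print(relay(target, {"Authorization": EXPECTED_AUTH}, demo_fetch)[0])  # fetched
```

The Basic credential is only base64-encoded, so anything that records the `Authorization` header or a URL with userinfo records the password itself.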