- From: Deepanshu Gautam <deepanshu.gautam@huawei.com>
- Date: Tue, 24 Jul 2012 00:51:33 +0000
- To: Greg Billock <gbillock@google.com>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>
- CC: "paulkinlan@google.com" <paulkinlan@google.com>, "public-web-intents@w3.org" <public-web-intents@w3.org>
The client site (Image Manager) may not be hostile but the service site (Image Editor) it send my data to, can be something I *don't like* or something I don't trust. As long as my data is with client site it is not compromised. Regards Deepanshu Gautam Senior Engineer, Service Standards, Huawei O: +86 25 56620008 M: +8613585147627 > -----Original Message----- > From: Greg Billock [mailto:gbillock@google.com] > Sent: Tuesday, July 24, 2012 4:59 AM > To: Frederick.Hirsch@nokia.com > Cc: paulkinlan@google.com; public-web-intents@w3.org > Subject: Re: Explicit intents privacy concern > > Sure, but the attacker here is the client site -- which by definition > already has the data. The point being, if that site is hostile, the > data is already compromised before an intent is ever invoked. > > On Mon, Jul 23, 2012 at 1:29 PM, <Frederick.Hirsch@nokia.com> wrote: > > Yes, the major concern is that the data reaches a site without user consent > or involvement. > > > > The approach discussed in the face - face, the "speed bump" , is not to pass > the data with this initial connection, allow a user to go "back" without > sharing data > > > > > > regards, Frederick > > > > Frederick Hirsch > > Nokia > > > > > > > > On Jul 23, 2012, at 2:20 AM, ext Paul Kinlan wrote: > > > >> My general thought would be that this is mitigated by the fact that we can > deliver data asynchronously, and if required get the users approval to let the > data in to the service app. > >> > >> I think some of the worry is that I am don't have the service installed, > because I don't know where the data is going when I click on the button in a > client page, it might open up Facebook or G+ and I might find that my data > being visible to these abhorent, it might be worse to the user if the service > invoked is a site that is completely untrusted. > >> > >> P > >
Received on Tuesday, 24 July 2012 00:53:27 UTC