- From: L. David Baron <dbaron@dbaron.org>
- Date: Wed, 16 Apr 2008 15:28:36 -0700
- To: Arve Bersvendsen <arveb@opera.com>, Maciej Stachowiak <mjs@apple.com>
- Cc: Travis Leithead <travil@windows.microsoft.com>, Lachlan Hunt <lachlan.hunt@lachy.id.au>, public-webapi <public-webapi@w3.org>
On Wednesday 2008-04-16 23:26 +0200, Arve Bersvendsen wrote:
> Also note that it is impossible to protect against Anne's suggested exploit
> where you load a randomized and unique tracker image as background or
> content for visited links, and do the data collection serverside instead.
It's not impossible; it just requires deviations from current
standards and probably a lot of work.
On Wednesday 2008-04-16 14:39 -0700, Maciej Stachowiak wrote:
> I'd like us to understand how it is feasible to every fully solve this
> problem before catering to partial solutions in the Selectors API spec.
My current thinking (from
https://bugzilla.mozilla.org/show_bug.cgi?id=147777#c65 ) is that
what we'd need to do to fix this is:
1. change CSS selector matching so that :visited rules are used
*only* for the non-alpha components of the 'color' and
'background-color' properties (and everything else is computed
based on the :link rules)
2. make getComputedStyle and any other APIs lie about those two
properties
I think anything short of (1), with perhaps a few additional allowed
properties, is subject to timing exploits (which are sometimes
inherently engine-dependent), such as the example in
https://bugzilla.mozilla.org/show_bug.cgi?id=147777#attach_135350
which works at least in some older versions of Mozilla and Opera.
I'm not sure whether this is something we actually *want* to do.
-David
--
L. David Baron http://dbaron.org/
Mozilla Corporation http://www.mozilla.com/
Received on Wednesday, 16 April 2008 22:30:19 UTC