- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Wed, 20 Apr 2011 15:19:36 -0700
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Travis Leithead <Travis.Leithead@microsoft.com>, Arthur Barstow <art.barstow@nokia.com>, "public-webapps-request@w3.org" <public-webapps-request@w3.org>, Adrian Bateman <adrianba@microsoft.com>, public-webapps <public-webapps@w3.org>

On Wed, Apr 20, 2011 at 3:13 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Wed, Apr 20, 2011 at 12:54 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
>> Please correct me if I'm missing something, but I don't see any new
>> privacy-leak vectors here. Without Shared Workers, 3rdparty.com can
>> just hold open a communication channel to its server and shuttle
>> information between the iframes on A.com and B.com that way.
>
> Not if the user disables third-party cookies (or cookies completely), right?

No, what I described is independent of cookies. You just have to use basic long-polling techniques, so the iframe on A.com sends a message to the server, and the server then passes that message to the iframe on B.com.

As Drew mentions, cookies are another way to pass this information around, as are multiple other shared-in-a-domain information sources.

~TJ

Received on Wednesday, 20 April 2011 22:20:25 UTC