Re: In what circumstances is "delayed execution" acceptable on the web?

On Fri, Nov 13, 2015 at 10:38 AM, Jake Archibald
<jakearchibald@google.com> wrote:
> We considered this as the "wikileaks" case. A user who creates a wikileaks
> background sync at home may not want that to fire at work.
>
> Given that background sync is only available over https, there isn't the
> MITM worry in terms of observing data transmitted, but yeah the destination
> IP could be observed. However, the observer wouldn't be able to reliably
> tell posting to wikileaks apart from the user pressing "w" in their location
> bar, it autocompleting to wikileaks and triggering a preload request.

Can't they tell how much encrypted data was transmitted? And even
ignoring that you can tell it apart from a preload request as visiting
wikileaks.org also hits search.wikileaks.org at least.


-- 
https://annevankesteren.nl/

Received on Friday, 13 November 2015 10:06:27 UTC