Re: [rtcweb] ICE exposes 'real' local IP to javascript

Den 06. feb. 2015 15:39, skrev Bjoern Hoehrmann:
> * Harald Alvestrand wrote:
>> I don't think we're communicating....
>>
>> you say:
>>
>> "saying that it is not to be used for other purposes in the specification."
>>
>> I assume that the specification is the one that says this, and "it"
>> refers to IP address information.
>>
>> Who would we (as specification writers) place this obligation upon?
>>
>> Browser implementors?
>> Web page writers?
>> Some yet unnamed third party?
> 
> It would be in the API specification and apply to users of the API.

Thanks for clarifying what you meant.

> I do
> not think it is useful to get hung up on this one example, but since you
> ask:
> 
>> As an example of requiring the Web page developers to behave a certain
>> way: At the moment the European Commission's ruling (which has
>> considerably more legal force behind it than standards specifications)
>> is that Web site managers have to notify their users that they use
>> cookies. How effective is that requirement in stopping the use of
>> cookies for nefarious purposes?
> 
> That does not limit use of cookies for anything. A better example would
> be corporations trying to work around browser features to disable third
> party cookies or users deleting cookies, where it's clear they are doing
> something contrary to the intent of certain features. To give an old and
> a recent example:
> 
>   http://www.ftc.gov/news-events/press-releases/2012/08/google-will-pay-225-million-settle-ftc-charges-it-misrepresented
>   https://www.eff.org/de/deeplinks/2015/01/ad-network-turn-will-suspend-zombie-cookie-program-when-will-verizon
> 

Asking nicely for page writers to not do bad things is certainly an option.

It doesn't defend against those people who are out to get you, but
perhaps nothing does that:

http://www.nytimes.com/2013/06/22/world/asia/chinese-advocates-devices-were-loaded-with-spyware-nyu-says.html

Received on Friday, 6 February 2015 14:53:35 UTC