- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Tue, 15 Jul 2008 14:01:34 -0500
On Tue, Jul 15, 2008 at 1:30 PM, Gervase Markham <gerv at mozilla.org> wrote: > Csaba Gabor wrote: > >> Therefore, it makes sense to float those values to the top of the >> select element in a reasonable way. What's reasonable? I would like >> to suggest: frequencyLimit=percent >> > > I assume you would want this to work across different sites? If so, you > have a privacy problem. I can tell with fairly good certainty what state you > are from without you telling me; I just set up a hidden one of these and > query the DOM. I can also find out the expiry month and year of your main > credit card. > > Gerv > Good catch. The proposed implementation appears to intended to be cross-site, as it would key the frequency data off of the checksum computed from the select (that is, purely from the chunk of code that the select comprises). It would not be difficult for evil sites to simply copy the exact structure of <select>s on major sites and do as you suggest. Perhaps checksumming off of a combination of the select text and the URI of the document? This reduces the ability to have, say, Texas always float to the top of select elements, but that's already out of the question. At least it would allow a single often-visited site to compile your usage statistics. A thought: the intended use of the suggestion (allowing <select>s across the internet to auto-recognize you) isn't likely to work in any case, simply because it's unlikely that many sites will write their code exactly the same. Nearly all sites would have to recognize your preferences individually and associate them with a personal checksum. The only sites that are likely to benefit from your expressed preferences are the individual sites you select on, and evil sites doing as Gervase suggests. As well, though an intelligent implementation of this *would* be somewhat convenient in reducing keystrokes, it produces a potential decrease in usability when different sites place your preferred selection in vastly different places. Existing practices produce nearly identical selects in the cases that this proposal is intended for (common dropdowns, like state and such), merely because there is already a defined ordering and most places just copy their code from someone else because it's easier than typing out all of the options. I know that I get *very* confused when United States isn't in its expected place (at the top of the list, of course, since I'm such a country chauvinist), and would have a similar problem if my state were moved around - I've internalized about how far down I need to scroll to see my state on a dropdown. ~TJ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080715/04f83129/attachment.htm>
Received on Tuesday, 15 July 2008 12:01:34 UTC