- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Tue, 30 Sep 2008 07:55:17 -0700
Smylers wrote:

>> That's a sometimes convenient feature for site developers, but
>> there's nothing you can do with content loaded from two sites you
>> can't do with content loaded from one.
>
> Here's some I can think of:
>
> * Many sites are funded by displaying adverts from a third-party service
> which picks appropriate ads for the current user-page combination.

Serve ads from the host site.

> Further, I don't see how users can be tracked across multiple sites.
> This is useful to serve users a variety of different ads, rather than
> the same one lots of times, even as they read multiple sites which all
> use the same third party ad service.
> That's a feature, not a bug.

Or another way: users shouldn't be able to be tracked across sites. That they are is a bug, not a feature.

> * Third party traffic analysis services, ranging from simple image hit-
> counters to something like Google Analytics, require being part of a
> page's loading.

Not all such services do require this though. Google Analytics implementation decisions are not the only ones possible.

I don't have time to respond in detail to each of the valid points you raise. I may later. However each of them can be handled in a different way that doesn't require third party content and mashups. The reason we have designed these systems this way is because it was quick and easy, not because it was the only way to do these tasks. If we break these things such that third party content is no longer the simplest solution that could possibly work, then developers and sites will move on to the next simplest solution.

The bottom line is that bad implementation decisions made years ago with respect to third party content are causing security issues now. We can't paper over these problems. Anything less than addressing the root cause will fail. Addressing the root cause will cause pain because a lot of systems you mention will have to be rewritten to work in the new world. So be it. Nothing else will work, and the sooner we recognize that, the sooner everything will be fixed.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA
Received on Tuesday, 30 September 2008 07:55:17 UTC