- From: Adam Barth <whatwg@adambarth.com>
- Date: Sat, 18 Jul 2009 16:12:23 -0700
On Fri, Jul 17, 2009 at 4:10 PM, Ian Hickson<ian at hixie.ch> wrote: > Suppose that there is a tool where someone can write some text, in which > case the text will be displayed when the page is loaded. Suppose that > whether the person has written this text is confidential, and that whether > one had entered text there or not would reveal something that the user > would prefer to keep secret. > > You could use this API to tell whether or not another user had entered > text, by opening an iframe to that page, and then trying to scroll from > distance n to distance n+10 many times in a loop, and timing how long it > takes to do the scroll. If there is no more content in the page, then > scrolling to n and n+10 would take less time than it would if there was > more content (since scrolling is slower than doing nothing). I suspect you could extract that information more easily by just timing the page load: http://crypto.stanford.edu/~abortz/papers/timingweb.pdf Adam
Received on Saturday, 18 July 2009 16:12:23 UTC