- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 30 Jul 2009 23:08:42 +0000 (UTC)
On Sat, 18 Jul 2009, Adam Barth wrote: > On Fri, Jul 17, 2009 at 4:10 PM, Ian Hickson<ian at hixie.ch> wrote: > > Suppose that there is a tool where someone can write some text, in which > > case the text will be displayed when the page is loaded. Suppose that > > whether the person has written this text is confidential, and that whether > > one had entered text there or not would reveal something that the user > > would prefer to keep secret. > > > > You could use this API to tell whether or not another user had entered > > text, by opening an iframe to that page, and then trying to scroll from > > distance n to distance n+10 many times in a loop, and timing how long it > > takes to do the scroll. If there is no more content in the page, then > > scrolling to n and n+10 would take less time than it would if there was > > more content (since scrolling is slower than doing nothing). > > I suspect you could extract that information more easily by just > timing the page load: > > http://crypto.stanford.edu/~abortz/papers/timingweb.pdf Yes, that would be another way of getting this information. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 30 July 2009 16:08:42 UTC