- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Wed, 1 Dec 2010 14:43:29 -0500

On Tue, Nov 30, 2010 at 6:15 PM, Ian Hickson <ian at hixie.ch> wrote:
> It cannot, and should not. It's a user concern. If as a user I want all
> data that you send me to be printed unencrypted and dropped out of my
> office window for anyone to read, then I should be allowed to do that. :-)

It's legitimate for an organization to require people to handle data in a certain way if they want web access to it. For instance, a company could reasonably require that if users want to work from home, they have to obey certain security practices to avoid leaking private data -- e.g., information about the company's clients or users that might be protected by privacy laws or company privacy policies. This might include using full-disk encryption to prevent physical theft, as well as other measures.

However, as with DRM, I don't think such requirements can be checked in a standard way. If it's openly specified, users can evade it easily -- it only takes one person to write a browser extension to disable the check for everyone's workplace. Barring a down-to-the-metal chain of trust, you can never avoid this completely, but it's a lot harder to break an obfuscated company-specific binary blob than something standardized. So I think non-standard programs (plus perhaps physical inspection) will remain the only way to even attempt this kind of checking.

Received on Wednesday, 1 December 2010 11:43:29 UTC