W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2011

[whatwg] whatwg Digest, Vol 82, Issue 10

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 05 Jan 2011 21:21:03 -0800
Message-ID: <4D25513F.80505@mit.edu>
On 1/5/11 3:54 PM, Aryeh Gregor wrote:
> On Wed, Jan 5, 2011 at 1:34 AM, Boris Zbarsky<bzbarsky at mit.edu>  wrote:
>> I wouldn't.  Just because a user trusts some particular entity to know
>> exactly where they are, doesn't mean they trust their stalker with that
>> information.  I picked geolocation specifically, because that involves an
>> irrevocable surrender of personal information, not just annoyance like
>> disabling the context menu.
>
> It's not really irrevocable.

How do you revoke it?  Once someone knows where you are, they know it. 
You can't make them stop knowing it.

> A MITM only has access to the info as
> long as he's conducting the MITM.

The above concern was in the context of site bugs allowing script 
injection of various sorts, not just MITM.

> As soon as the attack ends, the
> attacker stops getting info.  Moreover, anyone who's intercepting your
> Internet traffic could probably make a good guess at your location
> anyway, such as by looking up your IP address or triangulating
> latency.

http://www.technologyreview.com/web/26981/page1/ might be worth reading.

-Boris
Received on Wednesday, 5 January 2011 21:21:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:29 UTC