- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 05 Jan 2011 21:21:03 -0800
On 1/5/11 3:54 PM, Aryeh Gregor wrote: > On Wed, Jan 5, 2011 at 1:34 AM, Boris Zbarsky<bzbarsky at mit.edu> wrote: >> I wouldn't. Just because a user trusts some particular entity to know >> exactly where they are, doesn't mean they trust their stalker with that >> information. I picked geolocation specifically, because that involves an >> irrevocable surrender of personal information, not just annoyance like >> disabling the context menu. > > It's not really irrevocable. How do you revoke it? Once someone knows where you are, they know it. You can't make them stop knowing it. > A MITM only has access to the info as > long as he's conducting the MITM. The above concern was in the context of site bugs allowing script injection of various sorts, not just MITM. > As soon as the attack ends, the > attacker stops getting info. Moreover, anyone who's intercepting your > Internet traffic could probably make a good guess at your location > anyway, such as by looking up your IP address or triangulating > latency. http://www.technologyreview.com/web/26981/page1/ might be worth reading. -Boris
Received on Wednesday, 5 January 2011 21:21:03 UTC