On Sat, 31 Aug 2013 02:04:59 +0200, L. David Baron <dbaron@dbaron.org> wrote: > If we standardize on a set of colors, I think it would make more > sense to use a set of colors from the default theme of a recent > Windows version than to use the Android/iOS defaults. Works for me. Why do you think that would make more sense? Because the CSS system colors were copied from Windows? > So I think there are two separate privacy/security concerns: > spoofing (presenting fake dialogs to the user that appear to be > real) and fingerprinting (using data that differs between users to > identify them). > > In practice, I'm not that worried about spoofing. Users seem to be > spoofed just fine with screenshots of dialogs. (Perhaps that's a > sign that there's so much non-native-looking UI around that users > have no expectation of native-looking UI.) Though spoofing could > become more of a risk in the future, I suppose. > > The fingerprinting is perhaps more of a real concern, but I think > this is far from the worst fingerprinting vector available in CSS. > (I suspect that's fonts.) I agree. Do you think it is pointless to get rid of weak fingerprint vectors so long as there are stronger fingerprint vectors? -- Simon Pieters Opera SoftwareReceived on Monday, 2 September 2013 07:51:01 UTC
This archive was generated by hypermail 2.4.0 : Monday, 23 January 2023 02:14:31 UTC