- From: Dan Connolly <connolly@w3.org>
- Date: Tue, 09 Feb 2010 13:47:50 -0600
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Tim Berners-Lee <timbl@w3.org>, John Kemp <john@jkemp.net>, ashok.malhotra@oracle.com, Larry Masinter <masinter@adobe.com>, Jonathan Rees <jar@creativecommons.org>, "www-tag@w3.org" <www-tag@w3.org>, "Mark S. Miller" <erights@google.com>
On Mon, 2010-02-08 at 18:10 -0800, Tyler Close wrote: > On Mon, Feb 8, 2010 at 5:29 PM, Tim Berners-Lee <timbl@w3.org> wrote: > > > > On 2010-02 -08, at 07:41, John Kemp wrote: > > > > Yes, I believe that to be true too - apart from the case where a URI may end > > up being transmitted to another site "automatically" by means of the Referer > > HTTP header. > > > > > > Generalizing, you could argue that client software is written so as to store > > and remember and spread URIs, unlike passwords. So passwords are stored > > hidden away in some way, but browsing history and bookmarks are not. > > That seems like an enormous logical leap to take based only on the > Referer header. Surely you'd agree there are more information paths than the Referer header. I think Noah pointed out phishing detection services (though my understanding of those is that it's not that the browser sends URIs to the service, but rather the service sends lists of URIs to the browser, with periodic updates). You can easily copy and paste the URI of any page you're looking at into email etc. Then there are delicious bookmarklets etc. Hmm... these are deliberate actions by the user; somewhere else in the thread you discounted those, didn't you? I'll have to look again. I suspect Tim didn't consider that part of your argument. I wonder if it shows up in your draft text (of Mon, 8 Feb 2010 17:44:16 -0800). I'll have to look again... -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ gpg D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Tuesday, 9 February 2010 19:47:52 UTC