Re: ACTION-278 Hiding metadata for security reasons

On Mon, 2010-02-08 at 18:10 -0800, Tyler Close wrote:
> On Mon, Feb 8, 2010 at 5:29 PM, Tim Berners-Lee <timbl@w3.org> wrote:
> >
> > On 2010-02 -08, at 07:41, John Kemp wrote:
> >
> > Yes, I believe that to be true too - apart from the case where a URI may end
> > up being transmitted to another site "automatically" by means of the Referer
> > HTTP header.
> >
> >
> > Generalizing, you could argue that client software is written so as to store
> > and remember and spread URIs, unlike passwords. So passwords are stored
> > hidden away in some way, but browsing history and bookmarks are not.
> 
> That seems like an enormous logical leap to take based only on the
> Referer header.

Surely you'd agree there are more information paths than the
Referer header. I think Noah pointed out phishing detection
services (though my understanding of those is that it's
not that the browser sends URIs to the service, but rather
the service sends lists of URIs to the browser, with
periodic updates).

You can easily copy and paste the URI of any page you're
looking at into email etc.

Then there are delicious bookmarklets etc.

Hmm... these are deliberate actions by the user; somewhere
else in the thread you discounted those, didn't you?
I'll have to look again. I suspect Tim didn't consider that
part of your argument. I wonder if it shows up in your draft text
(of Mon, 8 Feb 2010 17:44:16 -0800). I'll have to look again...



-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Tuesday, 9 February 2010 19:47:52 UTC