Re: Amazon Silk

On 9/28/2011 2:55 PM, Mark Nottingham wrote:
> I think it's of the same ilk as Opera Mini;

Seems so to me...

> None of this is genuinely new; technically, it was just as possible for
> an ISP to interpose a transparent proxy and mine the data flows 15
> years ago. Except for the SSL bit (unless they can get you to click
> through and install a CA or ignore an alert).

Indeed, though that SSL "bit" is significant.

> I will reiterate (for the nth time) that it would be valuable for the
> W3C to specify what a "browser" is, in the sense of what protocols,
> formats and standards it supports and uses when you feed it a URL. Then
> it could point a finger at Amazon and say "that's not a browser, and
> it's bad because..."

Yes, or we might say to users: "Be aware that the code that implements a 
browser need not be located on your local machine, and indeed need not be 
centralized on any one machine. Keep in mind that the browser is your "user 
agent"; you trust it with much information that is important and perhaps 
private to you, e.g. passwords as well as other important information that 
you enter into Web pages. The code that implements a browser often has 
access to information that is kept encrypted in other parts of the network. 
In particular, browsers typically have the necessary keys and use them to
decrypt information sent to you using HTTPS (example: a summary of your
investments, your medical history, etc.). Therefore, particularly when
browser functions are implemented on machines not under your physical 
control, it is important that you trust those who provide this service for 
you."

...or some such.

In short, I don't think we want to go down the road of implying that user 
agents must run on a user's machine. Rather, we should explain the 
consequences of the various ways of distributing (or not) the 
implementation of a user agent.

Noah

Received on Wednesday, 28 September 2011 22:42:43 UTC