- From: Yves Lafon <ylafon@w3.org>
- Date: Thu, 29 Sep 2011 13:20:03 -0400 (EDT)
- To: Mark Nottingham <mnot@mnot.net>
- cc: www-tag@w3.org
On Wed, 28 Sep 2011, Mark Nottingham wrote:
> None of this is genuinely new; technically, it was just as possible for an
> ISP to interpose a transparent proxy and mine the data flows 15 years ago.
> Except for the SSL bit (unless they can get you to click through and install
> a CA or ignore an alert).
Well, as content is rewritten, https links might as well be rewritten to
something that ends up on only one proxy server (potentially using SSL to
show that it is "safe"). So while SSL itself is ok, the rewriting makes
the use of SSL being potentially masking hijacking.
> If I were to be of a political bent, I'd notice that in the "developed"
> world, corporations are taking on the role that we frown upon so much in
> "less developed/free/enlightened" governments.
>
> I will reiterate (for the nth time) that it would be valuable for the W3C to
> specify what a "browser" is, in the sense of what protocols, formats and
> standards it supports and uses when you feed it a URL. Then it could point a
> finger at Amazon and say "that's not a browser, and it's bad because..."
Note that even it specifying what a "browser" is, specifying what those
Content-Transformation proxies can/should do was captured in a WG Note [1].
[1] http://www.w3.org/TR/ct-guidelines/
--
Baroula que barouleras, au tiƩu toujou t'entourneras.
~~Yves
Received on Thursday, 29 September 2011 17:20:06 UTC