Re: Amazon Silk

On Wed, 28 Sep 2011, Mark Nottingham wrote:

> None of this is genuinely new; technically, it was just as possible for an 
> ISP to interpose a transparent proxy and mine the data flows 15 years ago. 
> Except for the SSL bit (unless they can get you to click through and install 
> a CA or ignore an alert).

Well, as content is rewritten, https links might as well be rewritten to 
something that ends up on only one proxy server (potentially using SSL to 
show that it is "safe"). So while SSL itself is ok, the rewriting makes 
the use of SSL being potentially masking hijacking.

> If I were to be of a political bent, I'd notice that in the "developed" 
> world, corporations are taking on the role that we frown upon so much in 
> "less developed/free/enlightened" governments.
>
> I will reiterate (for the nth time) that it would be valuable for the W3C to 
> specify what a "browser" is, in the sense of what protocols, formats and 
> standards it supports and uses when you feed it a URL. Then it could point a 
> finger at Amazon and say "that's not a browser, and it's bad because..."

Note that even it specifying what a "browser" is, specifying what those 
Content-Transformation proxies can/should do was captured in a WG Note [1].

[1] http://www.w3.org/TR/ct-guidelines/

-- 
Baroula que barouleras, au tiƩu toujou t'entourneras.

         ~~Yves

Received on Thursday, 29 September 2011 17:20:06 UTC