- From: Domenic Denicola <d@domenic.me>
- Date: Wed, 10 Dec 2014 13:44:40 +0000
- To: "Eric J. Bowman" <eric@bisonsystems.net>, Chris Palmer <palmer@google.com>
- CC: Melvin Carvalho <melvincarvalho@gmail.com>, Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>
From: Eric J. Bowman [mailto:eric@bisonsystems.net] > Try to put yourself in the shoes of a forum operator wondering where everyone's gone. Possibly to forums that don't allow attackers (including those sitting next to them in the Starbucks public wifi), governments, or ISPs to: - track their usage (confidentiality) - insert ads into the forum's content, or - modify the opinions of people expressed therein to e.g. support certain products or avoid criticizing certain ideas (integrity) - steal their login credentials and impersonate them (authentication) As Wendy emphasizes, the fact that we as a community have been getting a free pass on these three properties for so many years doesn't mean they aren't important. > Copy https video url + paste into http post = empty iframe. This has nothing to do with https, but instead with X-Frame-Options, which is orthogonal. A http site can also prevent this, and if it does so, it will prevent both secure and insecure sites from embedding.
Received on Wednesday, 10 December 2014 13:45:14 UTC