[cap-talk] Toolbars and unguessable URLs

Mike Samuel mikesamuel at gmail.com
Wed Sep 24 02:45:56 CDT 2008

2008/9/24 Mark Miller <erights at gmail.com>

> Do these toolbars capture URL fragments? (The part after the "#")

On terminology,
According to HTML5 <http://www.w3.org/html/wg/html5/#terminology0>, a URL is
a valid URI reference <http://www.w3.org/html/wg/html5/#references> or
(stuff about IRIs).
A URI cannot have a hash part according to RFC
A "URI Reference" can have a fragment.

Target of an HTTP Request (as reconstructed from the Request-URI and host
HTTP Referer header

URI Reference
URL bar
Value of <A> tags HREF
Location HTTP Response header value
Value of DOM2 document.location

According to privacy policies
Certain optional Toolbar features operate by sending Google the addresses or
other information about sites when you visit them. Web
PageRank <http://www.google.com/support/toolbar/bin/answer.py?answer=79837>,
and Safe Browsing in Enhanced Mode all work this way. In addition, if you
use Safe Browsing, when Google warns you about a suspicious site we may also
log that site's URL and whether you accepted, rejected, or closed the
warning message. We will let you know when you are enabling a feature that
automatically sends page addresses to Google, and you can turn these
features off at any time.

When you consent to this feature, Yahoo! Toolbar will transmit the following
information to Yahoo!: complete web site addresses (URLs) from all the web
sites you visit, referring and redirect URLs, unique Toolbar identifier,
product performance data like page load speed, and other information
provided by your browser including yahoo.com domain cookies.

If Yahoo is sending the complete referer then it is definitely sending URI
references.  With the Google toolbar privacy policy, it's less clear.

> On Tue, Sep 23, 2008 at 1:30 PM, ♘ stay <stay at google.com> wrote:
>> Browser toolbars from internet search companies routinely capture URLs
>> that users go to and then index them.  This seems like a Very Bad
>> Thing with respect to URLs as capabilities.
>> --
>> Mike Stay
>> stay at google.com
>> _______________________________________________
>> cap-talk mailing list
>> cap-talk at mail.eros-os.org
>> http://www.eros-os.org/mailman/listinfo/cap-talk
> --
> Text by me above is hereby placed in the public domain
> Cheers,
> --MarkM
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20080924/6e04ed6b/attachment-0001.html 

More information about the cap-talk mailing list