[cap-talk] Toolbars and unguessable URLs

Tyler Close tyler.close at gmail.com
Wed Sep 24 18:01:33 CDT 2008


On Wed, Sep 24, 2008 at 12:45 AM, Mike Samuel <mikesamuel at gmail.com> wrote:
> If Yahoo is sending the complete referer then it is definitely sending URI
> references.

The HTTP Referer header is defined to contain a URI and specifically
says it MUST NOT contain a URI reference. AFAICT, this conformance
language is commonly implemented by browsers.

Of course, I doubt any of the quoted text makes any attempt to use
terminology correctly, so it's impossible to know what these tools are
doing.

> With the Google toolbar privacy policy, it's less clear.

The Google policy makes it impossible to create any access-control
mechanism that is not vulnerable to the Google software. They
explicitly say they can grab any information they want.

> According to privacy policies
> http://www.google.com/support/toolbar/bin/static.py?page=privacy.html&
> Certain optional Toolbar features operate by sending Google the addresses or
> other information about sites when you visit them.

They can drive a truck through that last phrase.

I think the only rational thing to do here is accept that users of
these toolbars are fully vulnerable to them. That and poke fun at them
for making their users so vulnerable.

--Tyler

