[cap-talk] Toolbars and unguessable URLs
Tyler Close
tyler.close at gmail.com
Wed Sep 24 18:40:47 CDT 2008
On Wed, Sep 24, 2008 at 4:13 PM, Raoul Duke <raould at gmail.com> wrote:
>> I think the only rational thing to do here is accept that users of
>> these toolbars are fully vulnerable to them. That and poke fun at them
>> for making their users so vulnerable.
>
> curious: are there folks on this list who are willingly using e.g.
> Google Toolbar?
I wish it were so simple. The problem is that folks on this list may
be designing web-applications for use by the general public. So we
have to ask what effect the popularity of these tools has on the
viability of web-keys as a design technique. It's definitely not a
good effect. I rationalize it by hoping that these spyware authors at
least do a good job of keeping their collected data safe. If they do,
then it's not a showstopper. If not, well... I know at one time Google
was transmitting all this information in the clear. I believe they're
at least using SSL now, though I haven't tested.
On the positive side, Firefox did remove some of its spyware in
version 3. They no longer transmit the user's click-stream to the
Google anti-phishing service. The corresponding Microsoft service
always truncated the URL to protect user's authority.
--Tyler
More information about the cap-talk
mailing list