[cap-talk] Toolbars and unguessable URLs
Mike Samuel
mikesamuel at gmail.com
Thu Sep 25 01:32:15 CDT 2008
2008/9/25 Tyler Close <tyler.close at gmail.com>
> On Wed, Sep 24, 2008 at 12:45 AM, Mike Samuel <mikesamuel at gmail.com> wrote:
> > If Yahoo is sending the complete referer then it is definitely sending
> > URI references.
>
> The HTTP Referer header is defined to contain a URI and specifically
> says it MUST NOT contain a URI reference. AFAICT, this conformance
> language is commonly implemented by browsers.
>
Quite right.
> Of course, I doubt any of the quoted text makes any attempt to use
> terminology correctly, so it's impossible to know what these tools are
> doing.
>
Without looking at what goes over the wire.
> With the Google toolbar privacy policy, it's less clear.
>
> The Google policy makes it impossible to create any access-control
> mechanism that is not vulnerable to the Google software. They
> explicitly say they can grab any information they want.
>
> According to privacy policies
> > http://www.google.com/support/toolbar/bin/static.py?page=privacy.html&
> > Certain optional Toolbar features operate by sending Google the addresses
> > or other information about sites when you visit them.
>
> They can drive a truck through that last phrase.
>
> I think the only rational thing to do here is accept that users of
> these toolbars are fully vulnerable to them. That and poke fun at them
> for making their users so vulnerable.
>
> --Tyler
>