[cap-talk] Toolbars and unguessable URLs

Mike Samuel mikesamuel at gmail.com
Thu Sep 25 02:23:14 CDT 2008 

Oh, and in the interest of disclosure ; I'm a Google employee.


2008/9/25 Mike Samuel <mikesamuel at gmail.com>

> Matt Cutts has a blog post here
> You sometimes hear people say "I installed the Google Toolbar, and a day
> later, Google crawled my secret/unlinked page. Clearly installing the Google
> Toolbar caused that!" Then you'll often see me post and say "No, it didn't."
>
> I can't find anything from a Yahoo spokesman on the same question.
>
>
>
> 2008/9/25 Mike Samuel <mikesamuel at gmail.com>
>
>
>>
>> 2008/9/25 Tyler Close <tyler.close at gmail.com>
>>
>>> On Wed, Sep 24, 2008 at 12:45 AM, Mike Samuel <mikesamuel at gmail.com>
>>> wrote:
>>> > If Yahoo is sending the complete referer then it is definitely sending
>>> URI
>>> > references.
>>>
>>> The HTTP Referer header is defined to contain a URI and specifically
>>> says it MUST NOT contain a URI reference. AFAICT, this conformance
>>> language is commonly implemented by browsers.
>>>
>>
>> Quite right.
>>
>>
>> Of course, I doubt any of the quoted text makes any attempt to use
>>> terminology correctly, so it's impossible to know what these tools are
>>> doing.
>>>
>>
>> Without looking at what goes over the wire.
>>
>>
>> > With the Google toolbar privacy policy, it's less clear.
>>>
>>> The Google policy makes it impossible to create any access-control
>>> mechanism that is not vulnerable to the Google software. They
>>> explicitly say they can grab any information they want.
>>>
>>
>>
>> > According to privacy policies
>>> > http://www.google.com/support/toolbar/bin/static.py?page=privacy.html&
>>> > Certain optional Toolbar features operate by sending Google the
>>> addresses or
>>> > other information about sites when you visit them.
>>>
>>> They can drive a truck through that last phrase.
>>>
>>> I think the only rational thing to do here is accept that users of
>>> these toolbars are fully vulnerable to them. That and poke fun at them
>>> for making their users so vulnerable.
>>>
>>> --Tyler
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20080925/b955f21d/attachment.html

More information about the cap-talk mailing list