[whatwg] registerProtocolHandler - allow site to specify more info and do custom handling

Michael A. Puls II shadow2531 at gmail.com
Tue Sep 22 08:00:43 PDT 2009


On Tue, 22 Sep 2009 09:54:12 -0400, João Eiras <joaoe at opera.com> wrote:

>
>> 2. The location of an icon like a favicon.ico file or png etc.
>>
>
> This is actually a real privacy issue. The user agent would periodically  
> fetch a remove favicon, which discloses the end user's ip.

If you go to a site that uses registerProtocolHandler and you allow it to  
register the handler, you already trust that site and have already  
disclosed your ip to it. You'll disclose your ip to it again each time you  
visit the site.

Now, if the site, which I obviously trust given the above, knows that my  
browser is fetching the favicon fresh now and then and can see my ip (and  
can even set a cookie when requesting the favicon), I think that's a  
non-issue.

However...

> If any, such favicon would need to be made available offline immediately  
> when installing the protocol handler

O.K., that would be acceptable. And, the UA could allow the *user* to  
explicitly refetch the icon if they ever wanted to. The UA wouldn't even  
really have to allow a refetch as the user could just go back to the site  
and re-register then handler.

-- 
Michael



More information about the whatwg mailing list