[whatwg] whatwg Digest, Vol 82, Issue 10

Boris Zbarsky bzbarsky at MIT.EDU
Wed Jan 5 21:21:03 PST 2011


On 1/5/11 3:54 PM, Aryeh Gregor wrote:
> On Wed, Jan 5, 2011 at 1:34 AM, Boris Zbarsky<bzbarsky at mit.edu>  wrote:
>> I wouldn't.  Just because a user trusts some particular entity to know
>> exactly where they are, doesn't mean they trust their stalker with that
>> information.  I picked geolocation specifically, because that involves an
>> irrevocable surrender of personal information, not just annoyance like
>> disabling the context menu.
>
> It's not really irrevocable.

How do you revoke it?  Once someone knows where you are, they know it. 
You can't make them stop knowing it.

> A MITM only has access to the info as
> long as he's conducting the MITM.

The above concern was in the context of site bugs allowing script 
injection of various sorts, not just MITM.

> As soon as the attack ends, the
> attacker stops getting info.  Moreover, anyone who's intercepting your
> Internet traffic could probably make a good guess at your location
> anyway, such as by looking up your IP address or triangulating
> latency.

http://www.technologyreview.com/web/26981/page1/ might be worth reading.

-Boris




More information about the whatwg mailing list