[whatwg] whatwg Digest, Vol 82, Issue 10
Boris Zbarsky
bzbarsky at MIT.EDU
Wed Jan 5 21:21:03 PST 2011
On 1/5/11 3:54 PM, Aryeh Gregor wrote:
> On Wed, Jan 5, 2011 at 1:34 AM, Boris Zbarsky<bzbarsky at mit.edu> wrote:
>> I wouldn't. Just because a user trusts some particular entity to know
>> exactly where they are, doesn't mean they trust their stalker with that
>> information. I picked geolocation specifically, because that involves an
>> irrevocable surrender of personal information, not just annoyance like
>> disabling the context menu.
>
> It's not really irrevocable.
How do you revoke it? Once someone knows where you are, they know it.
You can't make them stop knowing it.
> A MITM only has access to the info as
> long as he's conducting the MITM.
The above concern was in the context of site bugs allowing script
injection of various sorts, not just MITM.
> As soon as the attack ends, the
> attacker stops getting info. Moreover, anyone who's intercepting your
> Internet traffic could probably make a good guess at your location
> anyway, such as by looking up your IP address or triangulating
> latency.
http://www.technologyreview.com/web/26981/page1/ might be worth reading.
-Boris
More information about the whatwg
mailing list