
List:       kfm-devel
Subject:    Re: Security and usability
From:       Roland Seuhs <roland.seuhs () hasos ! com>
Date:       2003-08-18 19:18:29

On Monday, 18 August 2003 19:09, Datschge wrote:

> * Embedding of "foreign" (ie. not located on the domain the user intended
> to visit) html data using frames, iframes and layers, eg. for
> advertisements.
> * Embedding of "foreign" data like pictures, java, flash, eg. for
> advertisements, so called web bugs etc.
> * Embedding of "foreign" JavaScript, eg. for displaying advertisements as
> embedded html, pictures or embedded flash/shockwave coupled with cookie
> data saving.


> * Loading requested data of any kind from domains other than the visited
> one (aka "foreign" data): Deny

Great, now almost all my sites are broken because I usually have all static
information (pictures, css, js) served from another domain because I use mod_rewrite.
Google's archive is broken (frame loaded from a different domain because Google
otherwise couldn't handle the load), and so is the Google picture-search. I just
checked, I also could no longer use my webbank, because it also uses frames from
different domains. No, I have to rephrase: I could no longer use my webbank with
Konqueror. I and nobody else will change banks just because of moronic privacy
policies. Almost all pages with screenshots are broken because they often have the
screenshots on other servers. And bye, bye slashdot, it also gets its images from
another domain. Thousands of other sites will be broken as well.

It's really scary.

I write really long arguments to reduce the annoyances a little bit, and the only
proposals are even more popups, more "deny"-policies and more annoyances that would -
when implemented - turn Konqueror into completely useless software when using the
defaults.

If some webmaster wants to give a 3rd party user information, he will do it. With or
without cookies/images/whatever. There is absolutely nothing you can do to prevent
that.

All your supposed "solutions" are only supplying a false sense of security/privacy -
and annoyance. Absolutely NOTHING else. So please, leave all those paranoia-settings
in there for those who want it, but don't bother everybody with it and turn them OFF
by default.

Roland

-- 
Hardware: The parts of a computer system that can be kicked

