
List:       kfm-devel
Subject:    Re: Security and usability
From:       Roland Seuhs <roland.seuhs () hasos ! com>
Date:       2003-08-18 19:18:29

On Monday, 18 August 2003 19:09, Datschge wrote:

> * Embedding of "foreign" (ie. not located on the domain the user intended
> to visit) html data using frames, iframes and layers, eg. for
> advertisements.
> * Embedding of "foreign" data like pictures, java, flash, eg. for
> advertisements, so called web bugs etc.
> * Embedding of "foreign" JavaScript, eg. for displaying advertisements as
> embedded html, pictures or embedded flash/shockwave coupled with cookie
> data saving.


> * Loading requested data of any kind from domains other than the visited
> one (aka "foreign" data): Deny

Great, now almost all my sites are broken because I usually have all static information (pictures, css,
js) served from another domain because I use mod_rewrite. Google's archive is broken (frame loaded from a
different domain because Google otherwise couldn't handle the load), and so is the Google picture-search.
I just checked, I also could no longer use my webbank, because it also uses frames from different
domains. No, I have to rephrase: I could no longer use my webbank with Konqueror. I and nobody else will
change banks just because of moronic privacy policies. Almost all pages with screenshots are broken
because they often have the screenshots on other servers. And bye, bye slashdot, it also gets its images
from another domain. Thousands of other sites will be broken as well.

It's really scary.

I write really long arguments to reduce the annoyances a little bit, and the only proposals are even more
popups, more "deny"-policies and more annoyances that would - when implemented - turn Konqueror into
completely useless software when using the defaults.

If some webmaster wants to give a 3rd party user information, he will do it. With or without
cookies/images/whatever. There is absolutely nothing you can do to prevent that.

All your supposed "solutions" are only supplying a false sense of security/privacy - and annoyance.
Absolutely NOTHING else. So please, leave all those paranoia-settings in there for those who want it, but
don't bother everybody with it and turn them OFF by default.

Roland

-- 
Hardware: The parts of a computer system that can be kicked

