[LINK] RFI: Firefox 3.5/3.6
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Mar 26 12:48:26 AEDT 2010
At 12:22 +1100 26/3/10, Stilgherrian wrote:
>Also, when does it become "sites that you visit inviting lots of
>'strategic partners' to invade your browser", as opposed to just
>assembling a web page from a variety of data sources?

Yep, good question.

(1) One factor is the extent to which data about the consumer
is disclosed to the other party

(2) Another is whether the consumer has consented. Consent has to be
informed and freely-given. If you didn't contemplate that such
would be done, you weren't informed, so there's no consent

(3) A further factor is what the third party does while they're
in there. Back when the Web was innocent, there was HTML and
some pretty limited JavaScript. Now there's the cluster of
elements that constitute AJAX. The third party is capable of
doing lots, and that constitutes invasiveness cf. assembly

That's straight off the top of my head, so I reserve the right to
vary, expand, and be shown to be not-quite-right, somewhat-wrong,
quite-wrong.

[Thanks to Scott for pointing out that I'd used the wrong expression!

[My excuses are: knowing too little, moving too fast, and forgetting
that the bland-sounding expression 'cross-site scripting' actually
refers to a category of exploit / attack - although Wikipedia
confuses the issue by calling it a vulnerability ...

[I'm hoping to find the right word, but am juggling too many things
at once this morning to be able to focus on it right now.

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University