On Wed, Jun 21, 2006 at 11:44:47AM -0400, Eric Dorland wrote: > * Robert Millan ([EMAIL PROTECTED]) wrote: > > On Tue, Jun 20, 2006 at 10:03:12PM -0400, Eric Dorland wrote: > > > * Florian Weimer ([EMAIL PROTECTED]) wrote: > > > > * Eric Dorland: > > > > > > > > >> Thanks, it seems disabling "middlemouse.contentLoadURL" gets rid of > > > > >> the > > > > >> problem. Could you make this the default? > > > > > > > > > > Nope. > > > > > > > > Why not? It's a privacy issue, after all. > > > > > > Why is it a privacy issue? It's not like Google can take this data, > > > you have to paste it to them. There's only so much that can be done to > > > protect users from themselves. Should we disable pasting into a IRC > > > client because it could potentially leak information? > > > > It seems that finaly we can discuss it; good! > > > > Users might want to paste their password when logging in through an > > HTML form. Unfortunately if instead of the target box, user selects > > the background by mistake, her password is sent automaticaly to > > google. It is too easy to select the background by mistake, given > > that the password box is small, and the background is huge. You > > just click a few pixels away, and your password is seen by everyone > > between you and google. It happened me a few times, and it seems > > I'm not the only one. > > I quite understand the issue, and you haven't made any new points > compared to the original bug report. The other side of the coin is > that this is a very useful feature and the sending of the data is > completely user initiated. We could debate whether or not it is easy > to make this kind of mistake, but it can be disabled if you don't > trust your eye-mouse coordination. There are plenty of much more > destructive actions that can happen by being a few pixels off with a > mouse click. </serious> Last I knew mozi could measure entropy. So measure the entropy of the pasted data and if it exceeds some critical threshold don't send it without prompting. <serious>
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]