On 12/06/12 15:39, Kevin Chadwick wrote: > Leaving aside server/device security which may affect user security and > also completely anonymised data matching to connection details or > substitued user ids. An example being homesafe violating the long > standing and well serving principle of simple safe routing technologies > employing Hauwei hardware. Note: Symantec couldn't keep their own > source code secure.
I think Sid was looking for specific scenarios relating to this proposal rather than a list of other security problems in other systems. > Is there any chance of chaining together anonymised downloads in your > design perhaps via some url scheme or proxying a user is using or any > other kept information potentailly giving crude information on likely > researched parts employed in an unknown companies product for example. > There may even be a unique download url you can identify someone to and > if you can chain then get a wealth of information such as a medical > condition. The originating site already knows that you downloaded the file, because you downloaded it. If the URL is user-specific, then the only way Google can find out about you is to go to the site and say "hey, tell me about the user which made this download". I can't see any reason why they would want to do that or could make any money from doing that. Gerv _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
