> From: =?ISO-8859-1?Q?Matth=E4us_Wander?= <[email protected]>
> > I assume I'm odd, because I'm not eagar to put the invisible HREF > > anchor on my web pages because of the extra DNS transactions imposed > > on users. I also have vague worries I can't articulate about privacy > > concerns. > >=20 > > My answer to putting a simple <IMG> beacon on my web pages would > > be a flat "never." There are too many technical and legal issues. > > For example, what about privacy issues with the referer string? > >=20 > Can't argue with that. If privacy is an issue, you won't become friends > with foreign HTTP resources. I don't understand that. Whether an HTTP server is foreign or domestic (for any value of domestic) does not by itself determine its trustworthiness. I start by assuming any HTTP server is untrustworthy, but that doesn't imply that I should involve third parties. The privacy issues I meant involve the third parties counting DNSSEC aware resolvers. The commercial hit counters also claim to be trustworthy, even as they sell their measurements. I assume that none of you guys would do something like correlating referer strings, your results, and WHOIS or other e-appended values to send email to web masters offering to sell better DNS resolver software. I also assume that if a financial institution put your beacons on their TLS web pages, none would try to 'leverage' the resulting referer, weak DNS resolver, and IP address data. And so forth and so on including other attacks I can't imagine. However, a security policy based on assumed good intentions is incompetent. Vernon Schryver [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
