On Sat, Jun 25, 2011 at 11:19:51PM +0300, Alexey Suslikov wrote:
> You didn't get it. The question here, do you want someone/something to
> make a decision for you?

I don't want webkit making a decision for me, whether I enable this
feature on my computer, no matter how stupid it would be.  Neither do I
want ports to disable it for me "for the sake of better security".
That's my point. I can see that link-prefetching has its issues, I don't
say everyone has to use it unconditionally, I'm just saying if it's used
properly, it might help.

> One can put a prefetch link on his page, making your browser access
> some data with unknown access policy or license WITHOUT you even
> knowing about it.
> 
> After the job is done and your activity is logged, you are a copyright or policy
> violator.

So can the javascripts.  XSS is pretty old these days and look how many
people are still not getting it.  Or you can have an iframe with this
content, or img with visibility:hidden; there are dozens of ways to do
that.  Hell, place a link that says "Don't open it, it will harm your
computer" - what do you think most people would do?

> This is why the web has tons of websites with malicious javascript code -
> because that's what web sites are for :)

Do you really think the websites are made for running javascript code?
I, on the other hand, do see that my laptop has a gigE card and on 100M
fiber I still wait 5 seconds until every news page loads no matter what
the browser is. Something is really really wrong along the way.  Do we
have to save bandwidth, when I run rtorrent and it flows 5 MB/s?

> Prefetching is damn good for attacks because the user thinks "it is a
> part of html-some standard and super fast - it is good for me".

Then he's a stupid user.

--
Martin Pelikan
