Re: Geode: some more headaches for TorButton? :-P
On Thu, 9 Oct 2008 07:51:54 -0400 [EMAIL PROTECTED] wrote: >On Thu, Oct 09, 2008 at 07:52:10AM -0400, [EMAIL PROTECTED] wrote 0.8K bytes >in 18 lines about: >: Rather than adding to the speculation, I thought I'd actually test the >plugin. >: Whenever a site requests your location, your browser asks permission to send >it, >: and also allows you to specify how much granularity to provide. You can also >: tick a box to make your browser remember those settings for a particular >: website. > >This is acceptable so long as your browser can't be tricked into >thinking you clicked yes with full granularity. Or that someone can't >remotely read your per site preferences without your knowledge. > And that none of your other plug-ins undo the setting. Allowing that kind of query to proceed strikes me as exactly the kind of thing that, say, the Google tool bar might do. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Geode: some more headaches for TorButton? :-P
On Thu, 9 Oct 2008 04:32:16 -0700 (PDT) J B <[EMAIL PROTECTED]> top-posted: >thanks to you guys who helped me unsubscribe. > >however, note that actually my (yahoo) address has full headers and I dont see >any way to unsubscribe, apart from how you guys said to do it. >I checked the headers and there is nothing about it, even under word search. >I think these headers only arrive to certain people, maybe using mail clients >etc, yahoo doesn't deliver them or they get stripped out some how Well, then send a complaint to yahoo that they have been censoring your email. That header appears on every message sent out on this list, so if the headers are missing, it's because yahoo removed them (a stupid thing for them to do, to be sure). > >Whoever is responsible for this list might wanna add an attachment to all >emails on how to unsubscribe as none of the emails I ever got showed how to do >so in headers or anywhere else. thanks good luck. > How about just getting into the habit of saving the initial responses you get from a mailing list server when you first subscribe? That way you always have the information at hand. Instructions on how to unsubscribe were included in a message sent to you confirming the fact that your email address had been added to the list. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Geode: some more headaches for TorButton? :-P
On Thu, Oct 09, 2008 at 07:52:10AM -0400, [EMAIL PROTECTED] wrote 0.8K bytes in 18 lines about: : Rather than adding to the speculation, I thought I'd actually test the plugin. : Whenever a site requests your location, your browser asks permission to send it, : and also allows you to specify how much granularity to provide. You can also : tick a box to make your browser remember those settings for a particular : website. This is acceptable so long as your browser can't be tricked into thinking you clicked yes with full granularity. Or that someone can't remotely read your per site preferences without your knowledge. -- Andrew
Re: Geode: some more headaches for TorButton? :-P
* on the Thu, Oct 09, 2008 at 01:11:37PM +0200, Tom Hek wrote: > It's really scary when a random website can request your physical > location imo.. I really hope you can disable that shit in the new > version of Firefox when they include it.. Rather than adding to the speculation, I thought I'd actually test the plugin. Whenever a site requests your location, your browser asks permission to send it, and also allows you to specify how much granularity to provide. You can also tick a box to make your browser remember those settings for a particular website. This is no risk whatsoever. They'll almost certainly include an option to turn it off altogether, but even if they don't you have to explicitly state that the website is allowed to see your location. -- Erilenz
Re: Geode: some more headaches for TorButton? :-P
thanks to you guys who helped me unsubscribe. however, note that actually my (yahoo) address has full headers and I dont see any way to unsubscribe, apart from how you guys said to do it. I checked the headers and there is nothing about it, even under word search. I think these headers only arrive to certain people, maybe using mail clients etc, yahoo doesn't deliver them or they get stripped out some how Whoever is responsible for this list might wanna add an attachment to all emails on how to unsubscribe as none of the emails I ever got showed how to do so in headers or anywhere else. thanks good luck. --- On Thu, 10/9/08, Tom Hek <[EMAIL PROTECTED]> wrote: > From: Tom Hek <[EMAIL PROTECTED]> > Subject: Re: Geode: some more headaches for TorButton? :-P > To: or-talk@freehaven.net > Date: Thursday, October 9, 2008, 4:11 AM > It's really scary when a random website can request your > physical > location imo.. I really hope you can disable that shit in > the new > version of Firefox when they include it.. > > Tom > > Marco Bonetti wrote: > > Link bounced from /.: > http://labs.mozilla.com/2008/10/introducing-geode/ > > > > Looks like the upcoming versions of firefox will ship > the support for W3C > > geolocation specification: what's better for a tor > attacker to ask > > directly to the browser where its user lives? ;-) > > I'm quite confident there'll be a way to > (easily?) disable this feature > > but it's scaring stuff nevertheless. > > > > ciao > >
Re: Geode: some more headaches for TorButton? :-P
It's really scary when a random website can request your physical location imo.. I really hope you can disable that shit in the new version of Firefox when they include it.. Tom Marco Bonetti wrote: Link bounced from /.: http://labs.mozilla.com/2008/10/introducing-geode/ Looks like the upcoming versions of firefox will ship the support for W3C geolocation specification: what's better for a tor attacker to ask directly to the browser where its user lives? ;-) I'm quite confident there'll be a way to (easily?) disable this feature but it's scaring stuff nevertheless. ciao
