Package: liferea Version: 1.4.18 Severity: normal I was using liferea and slashdot's rss was loading google ads, these loaded when you viewed the page not when you updated it. They were also designed "ultra" as a pixmap so they even know exactally where you clicked the ad if you do, there is also nothing preventing google from doing all sorts of nasty stuff when they inject this code, and it is a privacy violation that it loads when you look at it.
I am not blanketly against ads, but having stuff load externally is not ok, and javascript is not very secure, especially about this. Liferea should not load anything externall by default (unless you click a link, and for normal updating), it should not have cookie functionality (i dont believe it does.) and javascript should be turned off by default to help make this easier. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
