Tor would not be validating the nature or security of the hosted site, rather the JSON would be confirming attributes of the visitor. I cannot imagine many scenarios where a malicious party stands to benefit from forging these credentials -- or for that matter a manner where they could not fake a confirmation themselves without using the API.
On Sun, Nov 6, 2011 at 9:13 PM, Andrew Lewman <[email protected]> wrote: > On Sunday, November 06, 2011 11:00:08 Fabio Pietrosanti (naif) wrote: > > Let's support that AccessNow https://www.accessnow.org/ would like to > > implement the privacybadge web widget, they have several options: > > A word of caution about privacy badges, learning the history of TRUSTe is > relevant, https://secure.wikimedia.org/wikipedia/en/wiki/TRUSTe#History. > > Research shows that sites with the TRUSTe seal are the least likely to > honor > what you think of as privacy, http://www.benedelman.org/news/092506-1.html > . > > -- > Andrew > pgp 0x74ED336B > _______________________________________________ > tor-talk mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
_______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
