On 1/5/11 3:54 PM, Aryeh Gregor wrote:
On Wed, Jan 5, 2011 at 1:34 AM, Boris Zbarsky<[email protected]> wrote:
I wouldn't. Just because a user trusts some particular entity to know
exactly where they are, doesn't mean they trust their stalker with that
information. I picked geolocation specifically, because that involves an
irrevocable surrender of personal information, not just annoyance like
disabling the context menu.
It's not really irrevocable.
How do you revoke it? Once someone knows where you are, they know it.
You can't make them stop knowing it.
A MITM only has access to the info as
long as he's conducting the MITM.
The above concern was in the context of site bugs allowing script
injection of various sorts, not just MITM.
As soon as the attack ends, the
attacker stops getting info. Moreover, anyone who's intercepting your
Internet traffic could probably make a good guess at your location
anyway, such as by looking up your IP address or triangulating
latency.
http://www.technologyreview.com/web/26981/page1/ might be worth reading.
-Boris
