On Thu, Nov 29, 2007 at 06:56:23AM +0530, Raj Kiran Grandhi wrote: > Ron Johnson wrote: > > > >On 11/28/07 18:17, Raj Kiran Grandhi wrote: > >>Recently gmail has begun displaying the following notice when I login to > >>its web interface: > >> > >>"Firebug is known to make Gmail slow unless it is configured correctly." > >> > >>It offers a couple of option to disable/configure it. However what I > >>find disturbing is how gmail 'knows' what extensions I have installed on > >>my machine. Is there a bug in iceweasel/firefox that leaks out some > >>information on extensions to the remote servers? > > > >JavaScript? > > I do use the javascript version gmail instead of the plain html one. > However it is a surprise to me that remote sites are able to figure out > what extensions I have installed using javascript. Does that not have > privacy implications? Disabling javascript renders most sites pretty > useless. I have played around with noscript for a couple of months > before turning it off.
AIUI, enabling JavaScript enables the remote site to run javascript on your box. It doesn't do any sort of audit of what it will run. So I would assume tht it can do whatever javascript is capable of. Can javascript read my .ssh directory and grab my id_rsa or id_dsa? Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
