Tor would not be validating the nature or security of the hosted site,
rather the JSON would be confirming attributes of the visitor. I cannot
imagine many scenarios where a malicious party stands to benefit from
forging these credentials -- or for that matter a manner where they could
not fake a c
On Sunday, November 06, 2011 11:00:08 Fabio Pietrosanti (naif) wrote:
> Let's support that AccessNow https://www.accessnow.org/ would like to
> implement the privacybadge web widget, they have several options:
A word of caution about privacy badges, learning the history of TRUSTe is
relevant, htt
On 06/11/11 19:59, Jacob Appelbaum wrote:
> I like the idea of everything being in a single script - to prevent hot
> linking that falsely suggests someone is using Tor...
Preventing hot linking doesn't prevent deception. Mallory can just host
the image elsewhere.
--
3072D/D2DE707D Julian Yon (2
On 11/06/2011 09:13 AM, Moritz Bartl wrote:
> I agree with Fabio on this one. A website explaining the badge should
> also mention the controversy and offer simple guides for local badge
> generation. You could also promote other sources for the badge, ie. the
> CCC and Torservers could host one.
>
I agree with Fabio on this one. A website explaining the badge should
also mention the controversy and offer simple guides for local badge
generation. You could also promote other sources for the badge, ie. the
CCC and Torservers could host one.
As for badge design, a script should support multipl
On 11/6/11 1:46 PM, t...@lists.grepular.com wrote:
> Clearly a lot of people don't even consider these problems though. The
> number of people using Google Analytics is proof enough of that.
We should also consider that a lot of activism organizations promoting
freedom of expression are not techni
On 06/11/11 01:26, Arturo Filastò wrote:
> I have made a patch to check.torproject.org to expose a JSONP interface
> that would allow people to have the user check client side if (s)he is
> using Tor.
It would be safer to expose a JSON web service than a JSONP web service,
and use a wild "Access-
On 06/11/11 12:46, t...@lists.grepular.com wrote:
> The content-type should be application/json or at the very least text/plain.
I was clearly talking rubbish here; the content type should be a
javascript one. Still, I was completely correct about the danger of
using text/html and allowing arbitr
On 06/11/11 10:20, Fabio Pietrosanti (naif) wrote:
> c) Almost no website today can work with Javascript disabled
As a long time NoScript user, I completely disagree with this. Almost
every website today works completely fine without JavaScript. In fact,
most websites work *better* without JavaSc
Excerpts from Jim's message of 2011-11-06 06:06:39 +0100:
> Arturo Filastò wrote:
> > I have made a patch to check.torproject.org to expose a JSONP interface
> > that would allow people to have the user check client side if (s)he is
> > using Tor.
>
> Is encouraging Java Script a good idea?
While
On 11/6/11 6:06 AM, Jim wrote:
> Arturo Filastò wrote:
>> I have made a patch to check.torproject.org to expose a JSONP interface
>> that would allow people to have the user check client side if (s)he is
>> using Tor.
>
> Is encouraging Java Script a good idea?
a) Javascript is a de-facto Web Tec
Arturo Filastò wrote:
I have made a patch to check.torproject.org to expose a JSONP interface
that would allow people to have the user check client side if (s)he is
using Tor.
Is encouraging Java Script a good idea?
I must be getting crotchety in my old my age!
Jim
_
12 matches
Mail list logo
