This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 26305 - The introduction mentions that domains cannot affect each other for privacy reasons. Web messaging i [...]
Summary: The introduction mentions that domains cannot affect each other for privacy r...
Status: RESOLVED FIXED
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML
Version: unspecified
Hardware: Other other
Importance: P3 normal
Target Milestone: Unsorted
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL: http://www.whatwg.org/specs/web-apps/...
 
Reported: 2014-07-10 15:36 UTC by contributor
Modified: 2014-09-03 23:43 UTC

Description contributor 2014-07-10 15:36:51 UTC
Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html
Multipage: http://www.whatwg.org/C#crossDocumentMessages
Complete: http://www.whatwg.org/c#crossDocumentMessages
Referrer: http://www.google.nl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCIQFjAA&url=http%3A%2F%2Fwww.whatwg.org%2Fspecs%2Fweb-apps%2Fcurrent-work%2Fmultipage%2Fweb-messaging.html&ei=FrC-U5vnJIajPcPKgeAJ&usg=AFQjCNF-jJmQPDFNHrAmasks2Z0KiB4o0w&bvm=bv.70138588,d.ZWU&cad=rja

Comment:
The introduction mentions that domains cannot affect each other for privacy
reasons. Web messaging is then introduced as a solution. But to many users, it
is not a solution: they want their privacy protected. They do not want to
allow a page that they are visiting to pass around data to 3rd parties, such
as advertising agencies.

Posted from: 83.86.56.157
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0

Comment 1 Ian 'Hixie' Hickson 2014-07-15 18:45:05 UTC
Fundamentally, there's no way to stop that. The data transfer could happen on the server side trivially. If you don't trust the first-party site to not treat your data with respect, then don't visit it in the first place.

Comment 2 Ian 'Hixie' Hickson 2014-09-03 23:42:58 UTC
(This isn't "FIXED" per se, since there is no fix. But I tried to explain why it's not a new problem.)

Comment 3 contributor 2014-09-03 23:43:24 UTC
Checked in as WHATWG revision r8741.
Check-in comment: Try to explain why postMessage()'s privacy implications aren't actually anything new
http://html5.org/tools/web-apps-tracker?from=8740&to=8741