- From: Michael A. Puls II <shadow2531@gmail.com>
- Date: Tue, 22 Sep 2009 11:00:43 -0400
On Tue, 22 Sep 2009 09:54:12 -0400, Jo?o Eiras <joaoe at opera.com> wrote: > >> 2. The location of an icon like a favicon.ico file or png etc. >> > > This is actually a real privacy issue. The user agent would periodically > fetch a remove favicon, which discloses the end user's ip. If you go to a site that uses registerProtocolHandler and you allow it to register the handler, you already trust that site and have already disclosed your ip to it. You'll disclose your ip to it again each time you visit the site. Now, if the site, which I obviously trust given the above, knows that my browser is fetching the favicon fresh now and then and can see my ip (and can even set a cookie when requesting the favicon), I think that's a non-issue. However... > If any, such favicon would need to be made available offline immediately > when installing the protocol handler O.K., that would be acceptable. And, the UA could allow the *user* to explicitly refetch the icon if they ever wanted to. The UA wouldn't even really have to allow a refetch as the user could just go back to the site and re-register then handler. -- Michael
Received on Tuesday, 22 September 2009 08:00:43 UTC