fair point but driving a whole attack from js served from the subdomain is more difficult than doing it directly with the cookie. Raising the bar rather than complete prevention. The same is true for XSS and the httponly flag on cookies but it still exists and gets used.
-
-
Yep. DMCA, Copyright, and Trademark law certainly would enable this, particularly if you add some protective DRM even if it's only minimal. Let them do what they want under their own badged version of Chromium..
-
Come on, you think you're in the right, but so do they and they have just as much money to spend on lawyers and lobbyists. Both sides are saying "we need to do this for security" and both sides think the users are on their side. Do you really believe this is easy?

-
Of course it's not easy, but at least there's extant case law for unauthorized derivative works. Trademark law is pretty clear here too. If they effectively alter your product but keep your branding, it's an actionable violation.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

