Sure. But it needs to be signaled to the user since this is a restriction for the user’s sake, not the site owner’s.
Replying to @johnwilander @ericlaw
I guess I’d point back to
@__apf__, @estark37, et al.'s research. My understanding is that users don't generally notice the _absence_ of positive indications of security.
Still, no browser has abandoned padlock/green bar. And as I said at the WebAppSec meeting, password and contact auto fill should really only work on Single Trust pages.
Replying to @johnwilander @ericlaw and
To the former: yet! To the latter: I worry that very few forms would meet that requirement, and that it would be worse for users to make sign-in/payment less reliable. It’s a trade-off, to be sure, but seems to me to be a reasonable one.
Replying to @mikewest @johnwilander and
Counter-argument: When you buy a sandwich at the local deli, is it useful and actionable to know that 13 parties will have access to your sandwich purchase details (credit card, payment vendor, outsourced accountant, etc)
that's not an accurate analogy, though. what this tells you is that 13 parties might or might not be accessing your details, and doesn't tell you at all about 4 others (e.g. data shared server-side)
Ryan Sleevi Retweeted John Wilander
Yeah, got messed up by Twitter threading and thought
@mikewest was replying to https://twitter.com/johnwilander/status/933384498682703873 … My question is whether or not knowing "13 parties" is actionable for users, and whether it's inconsistent with real world expectations and experiences.
It’s actionable in that users can ask questions and opt out. Why are 13 orgs listening in to my conversation with my physician? Why do they listen in when I submit an anonymous tip?
Replying to @johnwilander @sleevi_ and
This mental model is the main problem with such a proposal -- loading resources from other domains is in no way equivalent to allowing owners of these domains to "listen in" on the user's interaction with your site.
Replying to @arturjanc @sleevi_ and
I go to my healthcare provider’s page on diabetes, prostate cancer, or abortion. The page loads 3rd-parties. No sensitive leakage? 3rd-party script sends off form data in cross-origin pixel requests. No leakage?
First of all, you should define what you mean by "loads 3rd-parties". Images? Fonts? Frames? Stylesheets? Scripts? Scripts with SRI?
Replying to @arturjanc @sleevi_ and
All of them. But real 3rd-parties, not just cross-origin with the same owner.
Replying to @johnwilander @sleevi_ and
<img src="https://evil.com" referrerpolicy="no-referrer" /> What can http://evil.com do?
Replying to @arturjanc @johnwilander and
Demand a unique token in the URL. Get Referer in browsers that don't support Referer policy.