[Cryptography] Comey: targeted ads => plaintext access

Bill Frantz frantz at pwpconsult.com
Mon Sep 21 17:45:11 EDT 2015


On 9/21/15 at 12:00 AM, fw at deneb.enyo.de (Florian Weimer) wrote:

>* Bill Frantz:
>
>>On 9/18/15 at 10:37 PM, hbaker1 at pipeline.com (Henry Baker) wrote:
>>
>>>However, why should the user trust Google's f(x) not to simply
>>>send every w back to Google in the clear?
>>
>>Systems like SES <https://code.google.com/p/google-caja/wiki/SES>
>>allow building confined environments to run code. If these
>>environments do not have access to send network packets, then the
>>confined code can not send data to Google (or anyone else).
>
>But in an advertising context, these environments have to be leaky,
>otherwise you could not redirect users to other sites when they click
>the ads, or bill for showing specific ads or clicking on them.

We can give the advertising code the ability to either navigate 
this tab to another URL or open another tab with a URL. While 
the act of visiting a web page leaks data, it is obvious that 
one has popped up.

Cheers - Bill

--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray



More information about the cryptography mailing list