[foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission?

[Dan Brickley]

Hi folks

Anyone got a sense of the landscape of default browser behaviours here?

Assume I have set myself up for WebID, and am browsing around the Web
(which includes more and more SSL-by-default sites).

Some of these sites I might want to keep my identity private from.

Are there common browser configurations where the default allows such
sites to probe their otherwise-anonymous users, and ask the browser
for a certificate *without any GUI prompt*? (eg. if I only had one
identity in browser, so no need for a pick-list...)

Thanks for any info,

cheers,

Dan