[foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission?
danbri at danbri.org
Fri Feb 11 13:50:03 CET 2011
Anyone got a sense of the landscape of default browser behaviours here?
Assume I have set myself up for WebID, and am browsing around the Web
(which includes more and more SSL-by-default sites).
Some of these sites I might want to keep my identity private from.
Are there common browser configurations where the default allows such
sites to probe their otherwise-anonymous users, and ask the browser
for a certificate *without any GUI prompt*? (eg. if I only had one
identity in browser, so no need for a pick-list...)
Thanks for any info,
More information about the foaf-protocols