[foaf-protocols] privacy considerations: can a nosy https: site probe user identity without explicit permission?

Dan Brickley danbri at danbri.org
Fri Feb 11 13:50:03 CET 2011

Hi folks

Anyone got a sense of the landscape of default browser behaviours here?

Assume I have set myself up for WebID, and am browsing around the Web
(which includes more and more SSL-by-default sites).

Some of these sites I might want to keep my identity private from.

Are there common browser configurations where the default allows such
sites to probe their otherwise-anonymous users, and ask the browser
for a certificate *without any GUI prompt*? (eg. if I only had one
identity in browser, so no need for a pick-list...)

Thanks for any info,



More information about the foaf-protocols mailing list