Closed Bug 44845 Opened 25 years ago Closed 6 years ago

[meta] No network communication without explicit user request

Categories

(Core :: Security, defect, P3)

Tracking

RESOLVED FIXED
Future

People

(Reporter: BenB, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: meta, privacy)

We must not transfer any data in any direction without the user having requested that explicitly, or at least have an option for that. The browser is the user's tool, not the content provider's. The user must have control over what is going on (which can happen at different levels of detail, up to a general "protect my security and privacy by all means").

I do not want Netscape to know whenever I open my browser, customize my sidebar or whatever. Even less, I want data about me to be sent without me having requested that or even knowing.

Examples of valid dependent bugs:
- Disable XML-RPC
- Don't download available panels list from a server

Maybe, on a more broad scope (not sure if this is too broad):
- Access only mail server when reading mail
Assignee: mstoltz → mozilla
Keywords: meta
Depends on: 37877
Summary: META: No network communication without explicit user request → No network communication without explicit user request
We're already actively considering your third point. It raises some problems (for example, it would break "send page"), but it's worth considering. This is a good list of concerns for us to keep in mind. Generating third-party server hits without the user's request is a "covert channel" for data about the user, but addressing this issue is tricky.
Status: NEW → ASSIGNED
Target Milestone: --- → Future
> Generating third-party server hits
> without the user's request is a "covert channel" for data about the user,

Even channels back to the main server can be a problem.

> but addressing this issue is tricky.

Agreed, but this is no reason not to do so. In fact, it is very important to do so. It has social consequences!

---

vidur, I am very concerned about your XML-extras package. It can be a very cool thing from a technology perspective, but also a reason for lots of new problems in this bug. Please be very careful while designing this stuff and keep the consequences in mind. It will probably need a lot of discussion :-/. Don't create a new security headache like JS or cookies.
No longer depends on: 37877
Depends on: 46400
No longer depends on: 46400
Depends on: 46400
XMLExtras isn't part of the Netscape 6 package. I suspect that a fairly detailed security review will precede including it in a Netscape-branded release. I do understand your concern, but am not sure how to address it given the direction the industry is moving in vis-a-vis web applications. Maybe a pref related to this kind of "out of band" network activity is a start?
vidur, I posted <news://news.mozilla.org/9CFF1ED.88ABF764@bucksch.org> my reply to .xml.
Keywords: privacy
QA Contact: czhang → junruh
QA Contact: junruh → ckritzer
.
Assignee: mozilla → ben.bucksch
Status: ASSIGNED → NEW
I am not convinced that the xmlextras package is adding any new security problems. It is quite possible for a page to contain a hidden frame or iframe and for some javascript to use that to post data to a server.
Greg, please see the thread spawning from the post referenced above.
Status: NEW → ASSIGNED
.
Assignee: ben.bucksch → nobody
Status: ASSIGNED → NEW
> It raises some problems (for example, it would break "send page")

No it wouldn't. Send Page should not re-retrieve pages in the first page. See bug 288462.
Blocks: 288462
Depends on: 392453
Depends on: 421253
Filter on "Nobody_NScomTLD_20080620"
QA Contact: ckritzer → toolkit

11 years without any activity on this meta bug, closing.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Summary: No network communication without explicit user request → [meta] No network communication without explicit user request