Re: Privacy guarantees

To: debian-vote@lists.debian.org
Subject: Re: Privacy guarantees
From: Stefano Rivera <stefanor@debian.org>
Date: Sat, 11 Sep 2021 21:32:22 +0000
Message-id: <[🔎] 20210911213222.5xxfymneuodjk2l7@satie.tumbleweed.org.za>
Mail-followup-to: debian-vote@lists.debian.org
In-reply-to: <[🔎] CAKTje6EfnCbi=N=6qH=4AK51diCZUmo4xRfRBXBzjXg96_nQKQ@mail.gmail.com>
References: <[🔎] CAFHYt54kPT4f+tdp0iYQkLdrMEKR2Y44qGCNnbEEX7Hqnr_kew@mail.gmail.com> <[🔎] CAKTje6EfnCbi=N=6qH=4AK51diCZUmo4xRfRBXBzjXg96_nQKQ@mail.gmail.com>

Hi Paul (2021.09.11_06:18:16_+0000)
> The web applications available in Debian may suggest visitors request
> resources not available on the same web service. Since most web
> browsers don't block third-party requests by default, those visitors,
> who are only indirectly Debian users, could have a privacy violation.
> The same applies when Debian documentation is copied to a website.

Browsers have a mechanism to do this, Content-Security-Policy:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

That can be implemented by injecting <meta> tags into HTML, or serving
them through a web server (dhelp/dwww) that can provide CSP http
headers.

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Reply to:

References:
- Privacy guarantees
  - From: Felix Lechner <felix.lechner@lease-up.com>
- Re: Privacy guarantees
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Privacy guarantees
Next by Date: Re: Privacy guarantees
Previous by thread: Re: Privacy guarantees
Next by thread: Re: Privacy guarantees
Index(es):
- Date
- Thread