Links

Ben Laurie blathering

«
»

Microsoft Implement The Evil Bit

Thanks to the Shindig mailing list, I’ve just noticed this gem from Microsoft.

The essence here is that third party sites inside frames might invade your privacy by setting cookies, so IE6, by default, doesn’t let them set cookies. But, if they promise to be good, then it will allow them to be bad. Isn’t that marvellous?

What I think is particularly excellent about Microsoft’s support article is that they tell you how to suppress the behaviour by setting an appropriate P3P policy … but they don’t tell you what this policy really means, nor suggest that you should only set the policy if you actually conform to it.

Of course, you can tell it’s a Microsoft protocol because it takes 21 bytes to do what the original proposal could do in a single bit.

Share This

This entry was posted on Sunday, March 30th, 2008 at 18:41 and is filed under Anonymity/Privacy, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

1 Comment »

  1. I confess to implementing something similarly stupid for a company that shall not be named. I protested. My protests were ignored.

    The underlying point of view is that security does not matter. The intent is to pretend to solve the problem, rather than actually solve the problem.

    Comment by James A. Donald — 31 Mar 2008 @ 7:18

RSS feed for comments on this post. TrackBack URI

Leave a comment

Powered by WordPress

Close
E-mail It