From: Krzysztof B. <kb...@un...> - 2020-10-06 09:32:30
On 06.10.2020 at 09:32, Marcus Hardt wrote:
> On 10/06/20 09:24, Krzysztof Benedyczak wrote:
>> Marcus,
>>
>> On 05.10.2020 at 10:47, Marcus Hardt wrote:
>>>> The fact that the user gets a cookie
>>>> from a site which was not visited is just a few bytes on her hard drive,
>>>> nothing more. So I can ask: what is the real problem here?
>>> By requesting the picture, the user informs _all_ IdPs that he is about to
>>> log in to unity. That does not seem right, does it?
>> No, that's not true. The IdPs can only know that some *anonymous* one is
>> trying to enter unity instance (and only if and after they check that
>> referer URL is of some unity instance). Nothing more.
> The anonymous is the goal here. For this unity needs to proxy the
> requests. At the moment it's my browser requesting those images. This is
> by no means anonymous.

Are you browsing the web? Entering _any_ page opens a huge risk that this webpage has an asset embedded and your browser will download it. What's more, in the age of CDNs you are sharing your "data" with them almost always. Not to mention Cloudflare and other similar services.

>> What privacy concern is there?
> I am unnecessarily forced to release information to third parties,
> potentially outside Europe, that I've never wanted to authorise.

Well, what information? That some unknown person using, say, Firefox entered a webpage Y from IP Z. If you are very concerned about Z, use one of the public VPN services (I do - it solves the problem for all cases). Still, Z is mostly useless information in the age of NAT and dynamic IPs. You can also fake the client agent (pretend that you are curl) if this matters to you - but why? If your concern is about tracking for advertising/marketing - disable 3rd party cookies in your browser. But seriously: are eduGAIN IdPs providing contextual ads around the globe? :-)

Best,
Krzysztof