In article <[EMAIL PROTECTED]>, Jacek Piskozub wrote:
> You can avoid writing such details in addressbook (actually I think most
> people never bothers). You cannot avoid opening URLs if you want to see
> the Web pages.
Good point. But the spyware can still slurp up the profiles directory and
use that, yes? The information from a history may not be quite as useful
and a bit more difficult to extract, but that can all be handled
server-side.
> So there is a workaround for the address book problem but not for the
> spyware problem.
>
I assume you meant "URL bar" problem, but you're more right than you
think. ;) Frankly, this is starting to remind me of the periodic
c.i.w.a.h discussions of "Can I keep people from seeing my source",
wherein people use progressively more clever and obfuscated Javascript and
other "solutions" to try to work around a basic principle: data that you
send to a client will be available to the client-you can't *make* it be
processed. This strikes me as doing the same thing: people are insisting
that the hidden widget be removed so that evil malicious software running
on their computers can't snarf the URLs they're browsing to. Again,
you're trying to prevent some programming running as root (I assume we're
in a Win 9.x environment here) from getting data it wants in the system.
Making Mozilla cleverer at hiding data is pretty clearly a stopgap
solution; the solution is installing a personal firewall to keep the evil
malicious software from sending back data. All removing the widget will
do is give people a false sense of security.
--
Chris Hoess
