HJ wrote:<snip/>
So people are forced to trust other people, without having the option to clear it manually.
If you are using a computer you don't control totally, you are trusting other people.
Ok, but with my implementation you, the user, will at least have some control and IMHO having some control is better/saver.
Man, I'm sure that this will make people mad, just wait and see, because it is still a privacy issues, especially when someone writes an extension to display all of your hash keys :-)
I don't think you quite understand how the hash keys work.
You may 'think' that I don't understand the concept of hash keys, but I know how it works. You also seem to forget that it was me that wrote the lines to made it work for MultiZilla :-)
You can't reverse them to get the domain names back out again.
You can hash a particular domain and say "has the user visited https://www.foo.com?"; (which is the question the browser needs to know to do the "new site" indicator). But you can't say "give me a list of all the domains they visited."
In a perfect world maybe, but do we live in a perfect world, no.
Note that the hash would include a user-specific component, so online dictionaries of hash values wouldn't be any use.
Now we're talking, because that's a key factor, but I can only hope that it will be better implemented, unlike the wallet code, because that sucks rocks!
p.s. I've asked you this question before, but you simply ignored it, so that's why I ask it again: "Gerv, have you set 'wallet.crypto' to 'true' or not?" Yeah, one day you will find out why, as I did two years ago :-)
/HJ _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
