On Tue, 22 Sep 2009 09:54:12 -0400, João Eiras <jo...@opera.com> wrote:


>> 2. The location of an icon like a favicon.ico file or png etc.


> This is actually a real privacy issue. The user agent would periodically fetch a remote favicon, which discloses the end user's IP.

If you go to a site that uses registerProtocolHandler and you allow it to register the handler, you already trust that site and have already disclosed your IP to it. You'll disclose your IP to it again each time you visit the site.

Now, if the site, which I obviously trust given the above, knows that my browser is fetching the favicon fresh now and then and can see my IP (and can even set a cookie when requesting the favicon), I think that's a non-issue.

However...

> If any, such favicon would need to be made available offline immediately when installing the protocol handler

O.K., that would be acceptable. And, the UA could allow the *user* to explicitly refetch the icon if they ever wanted to. The UA wouldn't even really have to allow a refetch as the user could just go back to the site and re-register the handler.

--
Michael
