On 12-12-10 03:48 PM, Martijn Grooten wrote:
Remember, the idea wasn't to have a 'global' list of 'good domains', but
ones which the *user* has whitelisted, so the user recognises them.
OK - I see what is meant now.
Still, how often does the average user visit a domain they've not visited
before? For if they constantly have to approve 'new' websites, they're either
going to turn the warnings off or they're going to ignore them, which defeats
the point.
Note that it is not uncommon for example.com to use iframes that load stuff
from the apparently unrelated example.org. This is also commonly used by
malicious sites. If a user visits a 'new' site using iframes, should such a
system warn against all the domains used by the iframes?
Sounds somewhat like the "noscript" firefox plugin. I think it works in
more than just firefox.
It won't execute javascript or iframes _unless_ you whitelist the site
they come from, either temporarily (for the current session) or
permanently. There's a fairly well-developed mechanism for selecting
which sites you wish to whitelist.
It works pretty well. It has the added advantage that you can, say,
visit websites and "choose" not to participate in things like
doubleclick tracking or advertisements from other sites by not approving
them.
It's truly remarkable how one URL can trigger javascript bits from
dozens of different places.
It does mean that some first-time visits to a web site can sometimes be
very noisy. But it's less awkward than it sounds.
And you may get yourself somewhat habituated into recognizing "hey, it
threw alerts on a site that didn't before. Oh gee, different spelling".
I use it.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg