Stealing Phorm's business model
Ian Batten
ukcrypto at chiark.greenend.org.uk
Mon, 7 Apr 2008 14:17:24 +0100
On 07 Apr 08, at 1317, James Firth wrote:
>
> This is an eloquent example of how web users will have private information
> about them leaked.
>
> Say I'm a website owner, and I have registered users' details, and I want to
> find out a bit more about these users. Next time they visit, I steal their
> Phorm UUID.
Not even steal: I could make a perfectly reasonable case that I'm
entitled to any cookie which is placed by me. Someone who forges a
cookie in the batten.eu.org domain can scarcely claim that
batten.eu.org is not permitted to access it.
ian