[tahoe-dev] Fwd: Fwd: Disabling clipboard access in Internet Explorer

[. .]

Hello all,

Zooko thought I should share, so here you go.


---------- Forwarded message ----------
From: . . <mr.monkey at gmail.com>
Date: Wed, Nov 12, 2008 at 8:23 PM
Subject: Re: [tahoe-dev] Fwd: Disabling clipboard access in Internet Explorer
To: zooko <zooko at zooko.com>


Hi Zooko,

I feel that, fundamentally, URLs are "names", and that part of the
contract of a name is that it is public. People treat names as public
accessors or handles in many aspects of daily life. Hoping that a name
remains secret is to hope for an unlikely thing. For example, IE and
Firefox print the URL of the page at the footer of the page when you
print. Is that a bug? I'd say no; it's a reasonable feature that
allows anyone in possession of the printout to find the original
online.

Therefore, as used by real humans, Tahoe will not be as secure as it
could be. There are just too many ways for a URL to leak out, and even
if you tell them carefully, people will not internalize the idea that
Tahoe names are secrets. It's at odds with everyday expectations and
behavior.

IE's clipboard access, however, is beyond the pale, and hardly Tahoe's
fault. Wow!! :(