Timeline for Trying to create safe website where security is handled by the website and not the user
Current License: CC BY-SA 3.0
8 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Oct 8, 2016 at 11:03 | comment | added | Dennis Jaheruddin | | @pwdst Your comment inspired me to write this answer. |
| Oct 7, 2016 at 19:38 | comment | added | user2428118 | | Note that TLS leaks the size of the accessed page, which may be used to determine what content is accessed. |
| Oct 7, 2016 at 17:02 | comment | added | pwdst | | Even the plausible deniability of being unable to prove the content that was served for a given URL plucked from the browsing history of a user or via other means won't remove the fact that the browser may retain cached copies of the dangerous content (which would need to be purged) or that the user may simply be caught in the act. The end user must take precautions, this isn't something that can be dealt with by the website alone. |
| Oct 7, 2016 at 6:57 | comment | added | paj28 | | This advice is not appropriate for countries where it is "very dangerous" as the question asks. I've included some details in my answer. I think your answer is well written, so we shouldn't delete it, but you need to include a prominent disclaimer that this is not suitable for "very dangerous" countries. Until you do that, it's -1 from me. |
| Oct 6, 2016 at 20:10 | comment | added | Doktor J | | Offering plenty of "normal" content, and providing single-use "tokens" (URL, cookie, etc) to the "dangerous" content is about the only way to do it. For best obscurity/deniability, once used, a single-use token should serve a specific piece of normal content (possibly selected at random upon generation of the token)... so anyone who attempts to replicate the vulnerable user's connection will only ever see normal content and all subsequent attempts to use it will see the same content, so it behaves as the token would if a user were legitimately trying to view the normal content. |
| S Oct 6, 2016 at 18:37 | history | suggested | Cody | CC BY-SA 3.0 | commas, spelling |
| Oct 6, 2016 at 18:27 | review | Suggested edits | | | |
| S Oct 6, 2016 at 18:37 | | | | | |
| Oct 6, 2016 at 15:47 | history | answered | Topher Brink | CC BY-SA 3.0 | |