[tor-talk] Flashproxy questions. (Badge config, user interaction)

David Fifield david at bamsoftware.com
Sun Oct 7 15:06:22 UTC 2012

On Sun, Oct 07, 2012 at 11:08:15AM +0200, Sebastian G. <bastik.tor> wrote:
> Thank you for the detailed information.
> >> How can it be achieved that the badge is only active after it has been
> >> clicked?
> > 
> > What this means is that the JavaScript would run, but not actually do
> > anything until clicked.
> My question wasn't precise enough. As far as I understand it now, a
> website owner (admin) can't choose between opt-in and opt-out, right?
> I assumed that
> iframe ="//crypto.stanford.edu/flashproxy/embed.html" width="80"
> height="15" frameborder="0" scrolling="no">
> will be a badge that is running on the users end (opt-out).
> My question was how an admin can achieve to have be opt-in? (Now I
> understand that doesn't seem possible.)
> Couldn't you have
> "crypto.stanford.edu/flashproxy/embed_opt_in.html"
> and
> "crypto.stanford.edu/flashproxy/embed_opt_out.html"
> to make it possible to choose between them?

This is what I am thinking. Something like

<iframe src="//crypto.stanford.edu/flashproxy/embed.html?cookierequired=true">
<iframe src="//crypto.stanford.edu/flashproxy/embed.html?cookierequired=false">

The query parameters are easier to handle from a code point of view. The
way it works now is cookierequired=false. With cookierequired=true,
clicking on the badge will bring up a yes/no dialog, and set a cookie if
yes. I think it's reasonable for the cookie to grant permission across
all web sites.

David Fifield

More information about the tor-talk mailing list