[Imc-drupal-dev] open publish
ekes at aktivix.org
Tue Jul 21 11:41:01 PDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Ah the ever good reminder over security...
flowerchild at puscii.nl wrote:
> * Calais � http://www.opencalais.com
Very cool service, get tags for your content, but it's a call out _with
the content_ to an external service on commercial non-controlled servers.
> * Yahoo! BOSS � http://developer.yahoo.com/search/boss
Dunno what this one's usef for here, but...
> * Flickr API � http://www.flickr.com/services/api/keys
Obviously embedding content from an external site, that makes users leak
their IP address without warning them. For this and youtube/blip.tv
embeds that are becoming ever more popular I think at 'click this to
the content on our own network (in the broader sense of autonomously
controlled servers) is better and more sustainable in the longer run.
> * Google Maps � http://code.google.com/apis/maps"
And this also if it's embedding google maps. If it's just used for
geocoding, it's just giving out the public location information, but
probably doing it synchronously with a post being made.
Also quick scan of the package it uses mollom for spam filtering as
well, which is another callout, and requires IP addresses to be
available on the system and to mollom.
Anyone who thinks all this IP address stuff is overzelous security stuff
should look at what's happened recently in the UK where there was the
smallest sniff there *might* be IP addresses that the police could get
of someone making a post that could be 'related to their enquiries'
(there aren't IP logs there by the way).
After all that negativity I'll make a more positive post to follow :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Imc-drupal-dev