[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Mark Pilgrim pilgrim at gmail.com
Mon Jul 18 12:05:51 EDT 2005


On 7/18/05, Martin Sarsale <martin.sarsale at gmail.com> wrote:
> This guy wanted to read some sensible data via bloglines but he didn't
> want them (bloglines) to be able to read it, so he coded an RSS
> producer that outputs encrypted data (inside a valid RSS file) and a
> greasemonkey script that decrypts it on the bloglines site.

I've known about this for months ("this guy" is my best friend), and
I'm happy to finally be able to talk about it.  First, it's
"sensitive", not "sensible", but never mind that.  Second, I'm torn
between whether this hack points the way for a sensible (<g>) way
towards using Atom 1.0's support for XML encryption/digital
signatures, or whether it points out that such an established
infrastructure is unnecessary.  (This *is* Greasemonkey, after all --
jack of all hacks, master of none.)

Third, I've had discussions with him about extending this in a variety
of ways.  You could embed a web form that prompted for the password,
instead of hard-coding it in the script.  There's also nothing
particularly syndication-specific about this (except for playing
Buzzword Bingo).  You could embed encrypted data in regular web pages,
display:none by default, and the script could come along and embed a
form for decrypting it, and/or auto-decrypt it.  This points to the
concept of a partially-encrypted web, ordinarily invisible, and a
generic GM script that decrypts and displays it.  That gives me the
kind of woody I haven't had since I first learned about GM in the
first place.

> 
> Bruce Schneier said "Seems like a good idea to me." :)
> 

Specifically, http://www.schneier.com/blog/archives/2005/07/secure_rss_synd.html
which has a decent followup conversation brewing in the comments.

-- 
Cheers,
-Mark
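
The hidden-block idea described in the message above, as an added sketch that is not code from this post or from the script it discusses. The `data-enc` attribute, the payload layout, the choice of PBKDF2 with AES-GCM, and the names `seal`, `unseal` and `revealAll` are all assumptions made for illustration.

```javascript
// Added sketch. Assumed payload layout: base64(salt[16] || iv[12] || AES-GCM ct+tag).
// Web Crypto is a global in browsers and Node >= 19; require() is a Node 18 fallback.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 200000; // PBKDF2-SHA256 rounds, value chosen for this sketch

async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Producer side: what the feed or page generator would embed in the markup.
async function seal(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext)));
  return btoa([...salt, ...iv, ...ct].map(b => String.fromCharCode(b)).join(""));
}

// Reader side: runs in the user script. Rejects on a wrong password or on a
// payload altered by the hosting site, because the GCM tag no longer verifies.
async function unseal(password, payload) {
  const raw = Uint8Array.from(atob(payload), c => c.charCodeAt(0));
  const key = await deriveKey(password, raw.slice(0, 16));
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: raw.slice(16, 28) }, key, raw.slice(28));
  return new TextDecoder().decode(pt);
}

// Page hook: decrypt every hidden element that carries a data-enc attribute.
// textContent (not innerHTML) keeps decrypted text from being parsed as markup.
async function revealAll(root, password) {
  let shown = 0;
  for (const el of root.querySelectorAll("[data-enc]")) {
    try {
      el.textContent = await unseal(password, el.getAttribute("data-enc"));
      el.style.display = "";
      shown++;
    } catch { /* wrong key or tampered block: leave it hidden */ }
  }
  return shown;
}
```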

