[Greasemonkey] greasemonkey for secure data over insecure networks / sites

Aaron Boodman zboogs at gmail.com
Mon Jul 18 12:19:22 EDT 2005


Ugh, I forgot about Object.watch().

Mark, I don't think you've burnt karma, but I don't think you're being
fair either. I worked on 0.4 pretty much myself, so your complaint is
leveled directly at me, personally.

So let me take a moment to clarify my response last time you brought
this up. Up until now, I have known that there were ways for sites to
know which scripts you were running and to break Greasemonkey or block
those scripts. But I was thinking of it only as an issue with
anonymity, which while a goal, has not been critical to me. Making
Greasemonkey stable and compatible was more important than preventing
sites from knowing that you are running
bus1n3ssm0deld3str0yer.user.js.

As far as I can remember, today is the first time anybody has brought
script sniffing up as a security issue. I appreciate the idea that,
being omniscient, I should have known about it. But I assure you: I'm
an idiot. Also, I'm not working on Greasemonkey full-time. Worst of
all, I'm not used to thinking about security.

So please, please, please: petend your talking to a three-year old and
make yourself clear when you feel strongly that something needs to be
fixed/implemented. I'm listening.

I'll get back on figuring out how to run scripts separately from the
DOM immediately. Thanks for the rallying call.

- a


More information about the Greasemonkey mailing list