Shostack + Friends Blog Archive

 

Browser privacy from the server?

A friend writes and asks:

I’m working in NYC now, as the Web Admin for Safe Horizon. We’re the largest service agency in the
US for victims of violence, crime or abuse. We’re interested in
putting in some features into our site, but we have to protect our
visitor’s privacy, since they might be visiting our site from a
computer their abuser also uses.

We have instructions on our site detailing how to delete your history,
empty your cache, etc. And we don’t use cookies. But, I was wondering
if there might be an easier way for our visitors to stay safe. I know
there are proxy sites that allow you to surf anonymously, and telling
them to use those is certainly an option.

But, I was wondering if there was a better way. I found out about a
company called ponoi.com. Apparently, they have a “click here once and
the rest of your session is not recorded” technology. But, it’s only
for IE 5+ for Windows. Granted, that takes care of 90% of our
visitors. But, if they’re doing it, maybe someone else is too.

I’m not familiar with Ponoi: Does it work? Is anyone familiar with something else that the site can do to help? Comments are open, and appreciated!

2 comments on "Browser privacy from the server?"

  • Rich Baker says:

    Hi! This is the friend who works at Safe Horizon. Actually, I’m not sure Ponoi does work. It was recommended by another non-profit, but when I visited the site and clicked the “Try It Now” button, I got an error page. It’s been that way for more than a week now, so I have serious doubts about the company being alive, much less having a working product.
    Rich

  • Nudecybot says:

    I am assuming you are already forcing SSL access and have a reasonably well set up server side security. Therefore the client computer is the greatest security risk. One way to handle this would be to redesign the application with something harder to cache and capture session state. Like Flash for instance. Problem being you will alienate a few users out there. You can so something with a Java applet also but I find Flash is more widely supported….

Comments are closed.