Michelino,
______________________________
“It is not "exactly" the same. The latter case involves a matter of choice. The former is an unexpected, and in some cases undesired, transfer.”
What you describe is a 'netiquette' issue, not a security issue. The security effect is exactly the same, whilst the latter method is more polite. The profile in question is probably guilty of bad manners, but not a security violation. SI member account info can't be passed or discovered with this method, as that info remains safe on the SI servers. The security argument put forth by C.K. and David is specious.
______________________________
“There is a greater potential for malevolence (as well as creativity) on a page that pretends to be from SI (but isn't) than with a profile that does not use re-direction.”
The re-direct could go Yahoo or a malicious page, and so could the link in the profile. Furthermore, you can name the link in the profile anything you want—so that the http ref name appears to be "www.techstocks.com", but it really goes to "www.hotnunsinleather.com" You may think that seeing the name gives you some assurance when you click, but it really doesn't. Therefore, SI should outlaw all profile links as well as re-directs, if they take any action at all.
Furthermore, If one is worried about others having their IP address, it's best to not visit any site on the net, period. It's much safer to stay home and watch TV. <gg> |
