
Trk notification bar

Jan Engelhardt edited this page Mar 24, 2022 · 2 revisions

A browser should not make transmissions that are not supported by user actions.

A browser should not make transmissions to hardcoded URLs, or to URLs that did not come from a website's content in the first place.

There are a lot of URLs in the source code, and many of them are never loaded in practice. Rather than auditing every single URL, we greylist all or most of them by prefixing them with trk:<id>: (the trailing colon is part of the prefix). A handler for this new trk: URI scheme was added; it displays a warning whenever such a URL is loaded. If anyone sees such a notification bar, we can then decide on one of the following actions:

  • Whitelisting the URL if it is considered "essential enough". The trk notification bar then no longer shows for the particular URL.
  • Removal of the code that triggered the loading of that URL, e.g. usage statistics. The notification bar then no longer shows for the particular URL.
  • Modification of the code to display a warning dialog to the user before continuing the action, e.g. in the case of translation dictionaries. The URL is then whitelisted. The trk notification bar no longer shows for the particular URL.

If you, as a user, see such a trk notification bar, you are likely the first to notice, and should report the id number that is next to trk:.
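
To act on a reported id, a maintainer has to map it back to the greylisted URL literal in the source tree. The following is an added example, not the project's own tooling; it assumes the id is a decimal number and that the prefixed URL appears as a double-quoted string literal, and the file names and URLs in it are constructed.

```python
import re
from collections import defaultdict

# Matches a greylisted literal of the form "trk:<id>:<original URL>".
# Assumption: <id> is decimal and the literal is enclosed in double quotes.
TRK_RE = re.compile(r'"trk:(\d+):([^"\s]+)"')


def index_trk_urls(files):
    """Map each trk id to the (path, line number, URL) places that carry it."""
    index = defaultdict(list)
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in TRK_RE.finditer(line):
                index[int(m.group(1))].append((path, lineno, m.group(2)))
    return dict(index)


def duplicate_ids(index):
    """Ids attached to more than one distinct URL make a user report ambiguous."""
    return sorted(i for i, hits in index.items()
                  if len({url for _, _, url in hits}) > 1)


def lookup(index, reported):
    """Resolve what a user read off the bar: '123', 'trk:123' or 'trk:123:<url>'."""
    m = re.fullmatch(r'\s*(?:trk:)?(\d+)(?::.*)?\s*', reported)
    if not m:
        raise ValueError(f"not a trk id: {reported!r}")
    return index.get(int(m.group(1)), [])


# Constructed sample standing in for a source tree (path -> file contents).
SAMPLE = {
    "stats/reporter.cc":
        'const char kUploadUrl[] = "trk:101:https://stats.example/upload";\n',
    "translate/dict.cc":
        '// dictionary download\n'
        'const char kDictUrl[] = "trk:202:https://dict.example/list";\n'
        'const char kMirror[] = "trk:202:https://mirror.example/list";\n',
}

if __name__ == "__main__":
    idx = index_trk_urls(SAMPLE)
    for path, lineno, url in lookup(idx, "trk:101"):
        print(f"{path}:{lineno}: {url}")
    print("ambiguous ids:", duplicate_ids(idx))
```
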
