Weird things about the HTTP protocol

The HTTPWTF website is very interesting; it explains weird things about the HTTP protocol.

Among the oddities it covers is Referer, which I already knew about and which has always caught my attention:

The HTTP Referer header tells the server which page you came from previously, or which URL triggered a resource load. This has some privacy challenges, but it’s stuck around, and it’s sent in most requests made as you browse the internet.

Notably, it’s spelled wrong. This was added in the very early days of the web, and the unix spell checker at the time didn’t recognize either referer or referrer (the correct spelling). By the time anybody noticed, it was in serious use in infrastructure and tools all over the place, so nothing could be changed and we have to live with every browser request having a misspelled header forever.

Not especially important unless you’re writing code to read this header yourself, but a great parable for the challenges of network compatibility.

For maximum confusion and damage potential, new privacy/security headers related to this like Referrer-Policy do use the correct spelling.
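The spelling split described in the quote is easy to get wrong in code that reads or sets these headers. The Python below is an added example, not taken from HTTPWTF or from this post; its function names and sample headers are constructed. It flags the plausible-but-wrong header names and resolves a Referrer-Policy value to the last recognised token, which is how browsers choose the effective policy.

```python
# Added example; names and sample headers are constructed for illustration.
VALID_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Plausible-but-wrong spellings mapped to the standard header name.
MISSPELLED = {"referrer": "Referer", "referer-policy": "Referrer-Policy"}
# Policies that still allow the full URL (path and query) to go cross-origin.
LEAKY = {"unsafe-url", "no-referrer-when-downgrade"}


def effective_policy(value):
    """Return the last recognised policy token in the header value, or None."""
    chosen = None
    for token in value.split(","):
        token = token.strip().lower()  # matched case-insensitively here
        if token in VALID_POLICIES:
            chosen = token  # later valid tokens override earlier ones
    return chosen


def audit(request_headers, response_headers):
    """Return findings about referrer-related header names and values."""
    findings = []
    # Header names are case-insensitive, so normalise before comparing.
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    for name in list(req) + list(resp):
        if name in MISSPELLED:
            findings.append(f"'{name}' is not the standard name; use {MISSPELLED[name]}")
    if "referrer-policy" not in resp:
        findings.append("no Referrer-Policy set; browser default applies")
    else:
        policy = effective_policy(resp["referrer-policy"])
        if policy is None:
            findings.append("Referrer-Policy has no recognised value; it is ignored")
        elif policy in LEAKY:
            findings.append(f"'{policy}' allows full URLs to be sent cross-origin")
    return findings


if __name__ == "__main__":
    # Constructed sample: both names use the "other" spelling.
    for line in audit({"Referrer": "https://example.test/a?id=1"},
                      {"Referer-Policy": "no-referrer"}):
        print(line)
```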

The Web Is Fucked

The reflection set out in "La Web está jodida. Y ya no hay nada que podamos hacer por ella. Un manifiesto", which is a review of the web page The Web Is Fucked, is very interesting.

This manifesto begins with:

I have something to tell you, dear reader. The web is fucked. It’s a sad state of affairs that we’re in – gone are the days of Web 1.0 where the humble personal blog and the likes of GeoCities reigned supreme.

Instead we’ve been left with Web 1.0’s rotten remains where centralisation, monopolies and tracking are the order of the day.

It’s shit.

The Internet has been monetised by social media, by big tech, by search engines. Fuck, it’s been monetised by pretty much everyone. The whole concept of netizens and a community around the web, from the late 90s and early 00s, have been lost to the sands of time.

Again, it’s shit.

This is my manifesto; a warning to everyone who uses the web. It’s fucked and it’s not gonna change.

Beware of autocomplete (autofill)

The analysis published in The Autofill Dark Pattern is very interesting:

Both of these features present (at least) two main risks for the user, both related to their personal data and its privacy:

  1. Non-visible fields are populated (this is not the same as fields with a hidden type);
  2. Autocompleted information can be read via JavaScript even before the user submits the form.

This means that once a user selects to autofill the information, all the fields will be available for the developer to read. Again, independently of the user submitting the form or not, without the user knowing what fields were actually populated.