
EFF to White House: What Will You Do to Protect the Privacy of WhiteHouse.gov Users? - markup
http://www.eff.org/deeplinks/2009/01/eff-white-house-counsel
======
coryrc
Given their grievances:

       1. An "invisible pixel" style webbug/tracker on every page on the site, hosted by WebTrends.com.
       2. The entire WhiteHouse.gov domain appears to utilize edge-caching technology provided by Akamai, Inc.
       3. Access to direct-download MP4s of video content appears to be hosted by Amazon S3.

I have a few more to suggest:

       4. Avoid all JavaScript because an XSS attack could result in data going to a third party.
       5. Avoid unsecured HTTP because cache servers between my computer and whitehouse.gov could intercept traffic and change the pages.
       6. Don't register the SSL certificate with a CA because they could issue a different certificate and redirect the user.
       7. Don't link off site -- the other page could examine the referrer and know you visited whitehouse.gov.
       8. Don't allow the traffic to be routed on networks owned by Comcast or AT&T, since all traffic is monitored there.

I trust the Obama White House will implement these reasonable steps to
safeguard our privacy.

