
Worst case scenario is the HTTP pixel request tells attackers that there is a verification chat happening.

HTTPS the attackers know a conversation is happening, but no idea what

But I personally think the threat is being overblown (I am happy to be corrected, though).



It's not only overblown, it's totally a non-issue.

The main problem seems to be the tracking pixel itself, used to deduce involvement. The suggested approach of sending an email to confirm the email seems better, unless it contains a link to a login page (as it can be phished). So, the best seems to be that one should send an email that explains to the user how to confirm the e-mail by logging in manually to the app.



