Skip directly to content

The Privly Project's Glyph

on Thu, 10/10/2013 - 19:31

Often when users are viewing a web page, they will want to know if that content has been added by a Privly extension. To allow users to differentiate Privly and non-Privly content, extensions show a random sequence of colors, a "glyph," that is only displayed when the mouse is over Privly-type content. Often the Privly extension will display additional information next to the glyph like verified identity information, security properties, and more. Keep an eye on the little popup and remember to commit your specific glyph to memory.

The Privly Glyph is the sequence of colors beneath the text.

The tooltip and glyph prevents two types of attacks that are unique to Privly's embedable approach:

  1. A user impersonates a website
    Websites have a clear visual separation between user-submitted content and site navigation. A malicious user could potentially post a Privly-type link in such a way that their content looks like the site's navigation. To prevent malicious users from spoofing other Privly users, Privly indicates where Privly content is on a page by showing a popup window anytime a user hovers over content.

  2. A website impersonates your Privly extension
    Additionally, a website you visit may present content as coming from the Privly extension that is not actually from the extension. This attack becomes very important to counter once Privly applications start signing content with private keys. To counter this spoofing threat, Privly extensions must not share their glyph publicly.