Aug 20, 2008

Protecting your privacy by using base64 encoded inline images + table images for IE

While creating LastPass we wanted to show an overlay on the page when you autologin to a site. We ran into an issue though: if we used a image on that overlay, the image would leak the referring URL -- a privacy leak that we wanted to avoid.

In Firefox, there is a relatively straight forward and elegant solution: use an inline base64 encoded image. This method is covered here: http://www.websiteoptimization.com/speed/tweak/inline-images/

This was great, but Internet Explorer doesn't support inline images unfortunately; we found inspiration for the solution here: http://ddzoom.net/jsimages/ and adapted it to create pure HTML not javascript. Using a table to create an image will probably make you squirm, but it works.

The overlay we are creating is in HTML, and IE can render tables quickly, so we gave it a shot and it worked great, much faster than the javascript version (because it skips all the reading and it ultimately creates a table itself).

Granted this is a very small image (our logo), and we probably wouldn't do it if we needed a very large image, but it accomplishes the goal while protecting your privacy which makes us happy.

4 comments:

  1. Hey Joe,

    I've tried LastPass and found it doesn't meet my needs. How do I delete my account?

    I can't find any reference to it on the site or in the forums.

    Thanks in advance,

    Ryan

    ReplyDelete
  2. https://lastpass.com/delete_account.php

    Would appreciate hearing why it didn't meet your needs.

    Joe

    ReplyDelete
  3. That link you gave doesn't seem to lead anywhere but the main page.

    And why it doesn't work for me is that I'm looking for a password manager that logs me in automatically, for all of my various accounts. While LastPass did for some, it didn't for others.

    Example, I have an iGoogle page that LastPass would auto log me into. However, on that page I have a RTM gadget that requires a log in, and LastPass can't seem to auto log me into that. Same goes for Xoobit in my Gmail, some of my financial sites I check daily, etc, etc.

    ReplyDelete
  4. Ryan -- that link leads you to the home page to login -- you have to be logged in before you can delete your account (otherwise anyone could delete anyone elses account).

    We'll take a look at logging into iGoogle extensions, it's not something we've tested...

    ReplyDelete