Skip to content

Contacts ID is revealed in the URL #788

Open
@frommMoritz

Description

@frommMoritz

Expected Behavior

I expect a contacts ID not to be part of the URL.

Current Behavior

In my opinion there is no need to have your contact's ID in the URL (https://web.threema.ch/#!/messenger/conversation/contact/ABCDE1234) since the URL is rewritten to https://web.threema.ch/#!/welcome when you open a new threema web tab. The inclusion of messenger/conversation/contact/ABCDE1234 is therefore not needed. This compromises users privacy because it is an unnecessary indicator of whom you contacted is persisted in your browsing history.

Possible Solution

The Contacts ID should be stored within the javascript and therefore would not appear in the URL bar and not be pushed to history.

Your Environment

  • Threema Web version: 2.1.7
  • Browser name and version: Firefox 66.0.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementEnhances functionalityprivacyImpacts privacyuiUser interface related

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions