HTML5 Draws Concern Over Risks To Privacy
Hugh Pickens writes "The NY Times reports that in the next few years, HTML5 will provide a powerful new suite of capabilities to Web developers that could give marketers and advertisers access to many more details about computer users' online activities. The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited. 'HTML5 opens Pandora's box of tracking in the Internet,' says Pam Dixon, the executive director of the World Privacy Forum. Meanwhile Ian Jacobs, head of communications at the World Wide Web consortium, says the development process for HTML5 will include a public review. 'There is accountability,' Jacobs says. 'This is not a secret cabal for global adoption of these core standards.'"
Browsers are still going to be the ones in charge of that kind of storage, just like history, cookies and other current ways of tracking user information. It's just going to require users to CONTINUE being careful about their web usage. I don't see that anything is changing.
Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited.
Folks, I thought this isn't new at all. Don't cookies do the same thing? I have a cookie that will 'never' expire unless I delete it. What am I missing?
The browsers should let users control their data and privacy settings. Let users disable the new features just like the users who are truly concerned shut off 3rd party cookies and JS.
- Alice, @acarback
...of an article about privacy that requires you to register to read it
but surely all the browsers except idiot exploiter will have an option to block this, or at least an add on. firefox has something like this for javascript
So you're saying that a more powerful internet will require more powerful internet security?!? Dear god, we can't have that, it would be too much like progress. Quick, everyone smash the magic box before it steals your soul through the webcam (to support terrorists)!!!
Common Sense isn't as Common as people think...
I for one like to think that there really is a "secret cabal" somewhere deep underground controlling the interwebs.
Article reads like it was written by someone who has no idea about the time and effort taken to sandbox sites from each other. Sounds like he's talking about LocalStorage or client side DBs, which can hold more data but are no more privacy risks than a single unique ID stored in a cookie linked to an unlimited REMOTE database. Accessing web history is not a part of HTML5, more FUD there, and browser vendors are working to block JS from being able to access that information. They also seem to refer to geolocation, which in Chrome at least has to be explicitly granted to sites unless you turn it on globally.
The "supercookie" thing is perhaps the one legitimate thing mentioned but browsers should (or probably will if they don't already) clear out most of those locations (except Flash, but you can't blame the browsers for that really) when you clear your private data, which at least Firefox and Chrome can do for you.
As for "buckets to put tracking information into" why bother relying on "buckets" on the client which may or may not exist, are limited in size, may change or be emptied at any time, etc, when you can buy as many "buckets" as you want server-side and store virtually unlimited data about them?
Browsers should no longer be allowed to frisk about in the general operating system,
scattering data willy nilly throughout your computer into wildly obscure folders.
I propose robust sandboxes.
You want to delete all the tracking information? Delete the sandbox.
Honest websites won't be spending their efforts to break out of the box and
malicious websites were going to pwn you anyways, so does it matter if they do?
I'm not proposing sandboxes as a security measure, merely a way to keep all the cruft from your browser & plugins locked down in one (easily deletable) place.
[Fuck Beta]
o0t!
it's a shame but HTML5 has turned out to be a PR stunt, more marketing than IT.
it's pretty clear now that it isn't going to take off for the web - so no need to get concerned about issues of this kind - let's face it.
if you buy an ipad then you're hardly going to care about privacy -just enjoy your great new iAds - "aren't they neat!"
The fact that HTML is open to all means anyone can implement it in their 'browser' ... and they can allow the user to control the browser stores and feeds back to others on the Internet.
Whereas if we were talking about something proprietary like say Flash, you run the risk of having very little options over controlling it since there is only one implementation (one useful one anyway) and they aren't going to add any useful features for privacy anytime soon since that's a big reason to use Flash on certain sites in the first place (Yes, I know the new versions are better about Flash cookie control, just making a point)
Yes, HTML5 has some features that make it easier for you to be tracked, but leaving your front door not only unlocked but also wide open with a sign that says 'I'm out of town for the next 2 weeks' is about the same thing. There are provisions in place to protect that user.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
This neo-luddite fear-mongering must end!!! Properly secured browsers negate these "new" threats. The only "problem" as I see it, is the likelihood that in browser manufacturers' (Apple, Google, Microsoft, Firefox, Opera, etc.) rush to get these new capabilities, they'll put security on the back burner and we'll have a few years of this nonsense. This is no reason to not implement compelling features. It just raises the stakes for people to do it right. Having spent some time developing some HTML5, I for one, am looking forward to the new goodness.
...that many want the browser to be the operating system.
With Javascript the preferred systems programming language
I've got my set of barf bags ready...
... when you can buy as many "buckets" as you want server-side and store virtually unlimited data about them?
Because it costs money? My fear is considering what spammers may or may not do with this local storage. I'm not opposed to local storage but I think it needs more user notification when and what is accessing it. Not requiring user intervention but knowledge about who and what is storing that data. I would prefer a browser to let me know if some no name advertiser were storing data there than, say, Slashdot or New York Times doing something to better my reading experience. I welcome it. It needs to happen. The W3C branched this to a totally separate group from the regular HTML 5 group I believe because there's a lot to iron out yet. I hope they change the way things are allowed to access it in the browser implementation yet. I hope.
People get upset when you further facilitate and make it easier for bad people to do bad things. That's how it's been for quite some time whether the social enemy is a serial rapist or Facebook.
I suspect, as has already been noted that this will simply facilitate more advertisers to do this because now they don't need servers or bandwidth to support your "unlimited data" buckets.
My work here is dung.
Didn't the 90s (And early 2000s) teach us anything? If HTML isn't implemented in essentially the same way across all browsers the Internet will stagnate again and we will turn to cross-platform plugins like Flash to actually get stuff done.
Taxation is legalized theft, no more, no less.
while all of US are feasting on.... ?turds??
"Sunday is10/10/10. The government and other professional liars have had something to say about the date. Everything the government and media say are lies, or the groundwork for lies to come. All of it is especially, sculpted soft stool from the Dairy Queen machinery of a banker’s ass. You’re expected to eat and enjoy it, without knowing the composition or the source. The complexity of their intentions can be summed up quite simply. They want to take you to the point where you don’t know what the ice cream is made of, or where it came from, to the point where you line up with your cones in hand and wait in a rapt, religious hunger to obtain it from the source. Your eyes should gleam with gratitude as you walk away, knowing that you have seen one of the key mysterious out workings of God. You are free to speak in tongues as soon as your tongue is freed up for the opportunity. Fecallalia is the new glossolalia and you are now tanked up with shit for your own part in the performance. Please be creative with your lies. You’re playing musical chairs in front of a crematorium.
You are not dead. You are dreaming but the dream grows dark, when you are surviving on a dead man’s shit.
Humanity has many enemies. It has as many enemies as there is room in the mind to contain them. The most enduring and powerful of these enemies is the most invisible when it is most obviously before your eyes; appearing as something else. There is only one enemy and that is your mind. It is also your best friend, depending on who is in charge of it. Your life is either a virtual cathedral or a toilet designed as the object of desire. Gold plated shit-nacks are the bronzed baby shoes of your dreams that died in the cradle. It doesn’t really matter if you’re Chuck Berry lying face up under a glass table or lining up behind a banker’s ass. It’s still you. it’s still shit. The first place it happens is in your mind. A lot more people would understand the allegory of the temptation in the Garden of Eden and the resulting civilization if they studied all of the meanings of transposition or, maybe not. Maybe you need to know what the apple is. Maybe you need to understand the dynamics of the cosmic attractive force. Maybe the best way to understand how the mind works is to empty it first. Anyone who can empty their mind and relentlessly keep it empty for a period of time will get a first hand education on how the mind works and all of the implications as well."
Horror! Panic! Aaaaaah!
HTML5 -- is it a new language? Is it a set of extensions to HTML, Javascript, or is it more of a concept/phenomenon, like "Web 2.0"?
I read it as an extension of the HTML standard, but quite often it's treated as a "new language" as opposed to an extension, upgrade, etc. I wonder if that's half the problem -- I think generally speaking, people are a little wary of many new things, technology wise, and failure to cast this as more of an upgrade than a wholly new entity (even if the new features make it so) probably has a lot to do with some of the scaremongering associated with it.
As much as I appreciate their intended purpose...they should really get a talking head that has a clue about technology. Their previous fear mongering topics have been rfid, cloud computing, social networking, etc. The one thing their "warnings" have in common is that all seem to have been put together by someone with a complete lack of understanding of how things already work.
HTML 5 will certainly allow for more flexibility for developers but will also allow browser vendors to provide better security simply due to a large portion of 3rd party addons becoming unnecessary. It's much easier to keep track of one standard over a bunch of what ifs.
i don't have a problem with a website seeing everything i do on that website. i have a problem with a website seeing what i do on other websites
let foo.com have evercookies on my computer about everything i do... at foo.com. not a problem. but i don't ever want foo.com to see what i do at fubar.com, and vice versa
of course, foo.com can sell my info to fubar.com through different channels, but that's a problem that predates the internet, and has nothing to do with browser privacy. and i know if doubleclick has their ads on foo.com, they can infer certain things about my activities at foo.com... actually, now that i think about it, that's a fatal hole in any browser privacy: if a webpage is serving content from another website, such as with advertising networks, we're pretty much doomed no matter what the markup language, aren't we?
to really have browser privacy, you'd have to destroy the entire possibility of webpages serving content from other domains. how the heck do you enforce that? a rule like "when loading content from foo.com, everything on this page must come from foo.com"? is that a viable concept? no more google analytics, no more iframes... i don't know, we're just doomed
but... even if you had that rule, foo.com could just agree with double click to proxy their ads, running them through their servers, so everything is coming from one domain, even though it really isn't. then they can simply see how one particular ip address walks across the web where they have similar agreements with other sites. no escape. you'd have to spoof your ip with every request, which breaks all sorts of functionality on most websites. maybe you could have a new ip for every tab, every session... what a nightmare
basically, the concept of privacy on the internet is void. if you type it on the web, it is known, end of discussion. crap
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
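The third-party case raised in the comment above, as an added example that is not part of the thread: a toy model of browser storage in which an embedded frame sees one bucket across every site when storage is keyed by the frame's origin alone, and a separate bucket per site when it is also keyed by the top-level site, which is how current browsers partition third-party storage. `StorageModel`, `embedLoads` and the `ads.example` URL are constructed for illustration, and the "site" is simplified to the top-level hostname.

```javascript
// Added illustration: a toy model of origin-keyed web storage.
// Not browser code; class names and URLs are constructed for this example.

class StorageModel {
  // partitioned = false: bucket key is the embedded frame's origin only.
  // partitioned = true:  bucket key is (top-level site, frame origin).
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.buckets = new Map();
  }

  bucketKey(topLevelUrl, frameUrl) {
    // An origin is scheme + host + port, so http://foo.com and
    // https://foo.com never share a bucket.
    const frameOrigin = new URL(frameUrl).origin;
    if (!this.partitioned) return frameOrigin;
    // Assumption: hostname stands in for the registrable domain.
    const topSite = new URL(topLevelUrl).hostname;
    return `${topSite}|${frameOrigin}`;
  }

  bucket(topLevelUrl, frameUrl) {
    const key = this.bucketKey(topLevelUrl, frameUrl);
    if (!this.buckets.has(key)) this.buckets.set(key, new Map());
    return this.buckets.get(key);
  }
}

// What an embedded third-party frame does on load: reuse the identifier
// already in its bucket, or mint one if the bucket is empty.
function embedLoads(model, topLevelUrl, frameUrl, nextId) {
  const store = model.bucket(topLevelUrl, frameUrl);
  if (!store.has("uid")) store.set("uid", nextId());
  return store.get("uid");
}

// Visit three pages on two sites that all embed the same third-party frame
// and report which identifier the frame observes on each.
function simulate(partitioned) {
  const model = new StorageModel(partitioned);
  let counter = 0;
  const nextId = () => `id-${++counter}`;
  const ad = "https://ads.example/frame.html"; // constructed URL
  const visits = [
    "https://foo.com/",
    "https://fubar.com/cart",
    "https://foo.com/news",
  ];
  return visits.map((top) => ({
    top,
    uid: embedLoads(model, top, ad, nextId),
  }));
}

console.log("origin-keyed:", simulate(false));
console.log("partitioned: ", simulate(true));
```

With origin-only keying the frame reads the same identifier on foo.com and fubar.com; with partitioning it can only recognise repeat visits within one site.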
The last thing corporate interest wants is a video format which is open and available to everyone. Expect the barrage of crap over HTML5 to continue. The article says nothing about the details of what's so "bad" about HTML5. The best they could come up with is:
"which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data. That could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited."
How is this any different than the current 150MB of cache sitting on everyone's comp? The best source they could come up with was an out-of-context quote from someone at the World Privacy Forum and some freelance programmer from New York?? Sorry, but the security issues with HTML5 are going to be in the implementation layer -- just like Flash, Silverlight, or Active-X. With security, it's rarely the technology which is at fault, it's the way the technology is used in the codebase.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Granted, I haven't really been on the whole HTML5 bandwagon, but why would any application want to store data on the client machine other than a session id, whether it's user information, preloaded application data, or buying habits? Last time I had anything to do with anything like this was a web based application to run some laboratory instruments where I work, and the only thing we kept on the client machine was a session cookie, which would be regenerated anytime tracking information (ip,browser info) didn't match, or after a 1/2 hour timeout. Making sure the browser didn't cache data was a friggin' nightmare if I remember correctly.
I mean, from an advertiser's point of view, what's to stop a browser, either via plugin or natively, to supply random/or junk information to the bucket. I know I'd be inclined to let facebook know that I currently reside somewhere in North Korea, drive a flying saucer to work and enjoy eating broken glass. If somebody's application relied on that information, that's their fault. By extension, I know I wouldn't enjoy my bank account, insurance account, loan account, or anything similar ever being stored on my machine.
I don't care what the encryption will be/if anything. In either scenario, it is an unsatisfactory method. How hard would it be for a malicious program to replace the data buckets for bank of stupidia with one that has a redesigned interface. If the software could replace the button that says "change address" with one that says "check statement," and respond to such a click by rapidly filling out the form and submitting the data, the user might not realize what's going on until it's too late, if ever. To prevent this, the server-side checking is going to have to be grossly more sophisticated, all to save a paltry amount of bandwidth!? I doubt the 5*10^9 MB of data is going to even be worth the cost of defending a single lawsuit.
Obviously a goofy example, but I think it makes the point. In science, we trust the user (our 5 senses) very little. In the inter-tubes, we should trust them even less!!!!
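The session handling described in the comment above (only a session ID on the client, revoked when the IP or browser info changes or after half an hour idle), as an added example that is not the poster's code. `SessionStore` and its method names are hypothetical, the sample addresses are constructed, and "regenerated" is read here as: the old ID is revoked and a fresh one is issued only after the caller signs in again.

```javascript
// Added illustration: server-side sessions bound to client attributes.
// All names here are hypothetical; nothing is taken from a real framework.
const { randomBytes, createHash } = require("node:crypto");

const IDLE_TIMEOUT_MS = 30 * 60 * 1000; // the "1/2 hour timeout"

class SessionStore {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.sessions = new Map(); // id -> { user, binding, lastSeen }
  }

  // Digest of the attributes the session is tied to ("ip, browser info").
  static binding(ip, userAgent) {
    return createHash("sha256").update(`${ip}\n${userAgent}`).digest("hex");
  }

  // Issue an unguessable ID; this is the only value the client stores.
  create(user, ip, userAgent) {
    const id = randomBytes(32).toString("hex");
    this.sessions.set(id, {
      user,
      binding: SessionStore.binding(ip, userAgent),
      lastSeen: this.now(),
    });
    return id;
  }

  // Validate a presented ID. Any failure revokes the session so the
  // caller has to authenticate again and receive a new ID.
  check(id, ip, userAgent) {
    const s = this.sessions.get(id);
    if (!s) return { ok: false, reason: "unknown" };
    if (this.now() - s.lastSeen > IDLE_TIMEOUT_MS) {
      this.sessions.delete(id);
      return { ok: false, reason: "expired" };
    }
    if (s.binding !== SessionStore.binding(ip, userAgent)) {
      this.sessions.delete(id);
      return { ok: false, reason: "mismatch" };
    }
    s.lastSeen = this.now(); // sliding idle window
    return { ok: true, user: s.user };
  }
}

// Walk one session through normal use, a changed client and an idle gap.
function demo() {
  let clock = 0;
  const store = new SessionStore(() => clock);
  const ua = "ExampleBrowser/1.0"; // constructed value
  const first = store.create("alice", "192.0.2.10", ua);
  const results = [store.check(first, "192.0.2.10", ua).ok];
  results.push(store.check(first, "198.51.100.7", ua).reason);
  const second = store.create("alice", "192.0.2.10", ua);
  clock += IDLE_TIMEOUT_MS + 1;
  results.push(store.check(second, "192.0.2.10", ua).reason);
  return results;
}

console.log(demo());
```

Binding to the client IP breaks sessions for users whose address changes mid-session, which is the trade-off the poster's lab application accepted.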
Blocks all kinds of crap. Speeds up browsing, too. Even on Slashdot it blocks Google Analytics and something from demandbase.com.
Of course, you'll need lots of exception rules, but if you want to be aware of where your browser goes to get its files, it's well worth it.
for technology in new_technologies:
    print("Privacy experts [see:someguy] are concerned %s doesn't protect user privacy." % technology)
"Sorrow is better than laughter, for by sadness of face the heart is made glad." [Ecclesiastes 7:3]
This reminded me of a piece of software called evercookie, it uses like 10 different ways to keep cookies persistent in a user session, HTML5 items being one of them. I would post the link, but it seems that Slashdot doesn't support copy and paste in Chrome 6.
So will IPv6, Semantic Web, Social Web, Facial Recognition, and any P2P protocols coming in future seriously invade our privacy. Neither did HTTP, IPv4, and SMTP care about privacy.
Get over the privacy FUD and face the reality: We the programmers who design the architecture of the Internet don't care about privacy. Tell me brilliant slashdotters, if you have the manpower and time, how would you redesign IPv6, Semantic Web, or any other protocols from the ground up to protect users' privacy, and whether you would or should care about privacy protection within the protocols?
The age of privacy is over, the Internet is all about publicy. I might get troll for saying this, but privacy is more like copyright protection and censorship rather than freedom and openness. For those of you who are still open minded towards the discussion on privacy and publicy, please do visit Jeff Jarvis' blog and reconsider whether you'd like to join the publicy camp instead.
Runners better start running, now..
What features does HTML5 include that let one server access any data other than that created by that server, or by the client user through the HTML GUI sent by that server? Why should any client state be available to the server, except the same kind of client-side feature list of supported media types and browser version that we've had since HTML1.0?
--
make install -not war
chmod -R a-w is your friend.
Where is the icon for that app?
Under XP it was like this:
Creatures such as Flash should never be able to store or read anything. They should be locked in their sandboxes with only the input the browser chooses to give them.
The browser chooses to give them a sandbox within whose confines they can store or read what they want. It's called "offline support". Otherwise, web applications would stop working when the client machine disconnects from the Internet.
Assuming the quantity of data is on the Y-axis, I'm literally dying to know what the X-axis represents.
X represents time. Storage density with respect to time has been roughly exponential, much like integrated circuit density (Moore's law).
It just needs a couple hundred bytes to insert an URL to your personal tracking record.
Not all portable devices have cellular data plans, especially in the United States of America. PDAs and netbooks, unlike smartphones, usually disconnect from the Internet when used by passengers in a vehicle. So a web application needs a lot more than a couple hundred bytes to save the objects that the user has chosen to download for offline use. It can use the rest of the space to collect statistics on what the user does inside the offline application.
More and more sites just don't work if you enable strong privacy controls. Some of this seems to be deliberate, and it's getting worse.
HTML5 cloaks itself in the guise of open development but in reality all the work is done by the few companies that are browser vendors and they just are writing down whatever they want anyway.
UNIX provides chroot(), but it requires root privileges, so you'd need a plugin launcher that was setuid root, which makes it a very attractive target for exploits.
UNIX also provides inetd, which runs setuid root to listen on well-known ports but drops privileges as soon as they're no longer needed. Likewise, a plugin container can cwd(), chroot(), and setuid() before processing any untrusted input.
And re-boot often.
Geo location is another example of geeks being lax on security, like thinking that linux security is ok because it's better than windows, or thinking that dinosaur exploits like buffer overflows and such are ok because that is how it's always been or it's open source. If a big organization didn't bring us SElinux would we have done anything like it in the next 10 years?
We geeks plaster personal information like IRC logs everywhere. We continue to expose the IP address of anyone connected to IRC. Freenode is a monument to geeks not caring about privacy. We make our awstats with IP address listings public because it's cool. Our encryption methods are impossible-painful or nothing, never anything in between. We're proud of storing all our chat publicly for ever on archive.org.
While the "but you have to push a button" defence might work when big corporations are involved...
What about internet bullies? imagine someone sending the goat man to your home address
"Wants to know your location?" "Share Location" sounds like weak UI. very easy to social engineer. or even convince someone knowingly who wouldn't normally enter in any personal information. what is a "location", my computer doesn't have GPS, who would guess? I bet its easier than you or I think it is.
Someone once hacked into a website, i googled his IP, on which i found some Half-life(game) stats pages that publicly lists IP addresses(on purpose) along with his nick name and Half-life-unique-id, from his Half-life-unique-id i could find his Steam-Community-profile which is like Facebook-public-lite, from there i could find all his friends and all sorts of personal information. His tech savvy profile matched with the hacking.
Seems to me the uninstaller doesn't need an internet connection.
But does the uninstaller of Flash Player for Windows remove LSOs and other Flash settings (like apt-get --purge remove packagename)? Or does it remove only the plug-in and leave the LSOs and settings behind (like apt-get remove packagename)?
I saw this when I picked up the paper and after having a good laugh wrote up my thoughts.
It would be very difficult to entertain the illusion of privacy on the web. You would immediately strip half the comfort code that is built in by disabling JavaScript and Cookies. Local storage (and others) does little, if anything, to reduce that hit.
look mate, this isn't a help forum.
I used Google to search for a help forum, and the answer was "use Qt". Do you agree or disagree?
you do know how to use google don't you...?
I know how to get to Google, but I don't always know how to choose the right keywords given that so many words have synonyms. Nor does Google have an index for the reliability of sources found in search results, apart from whether or not they cause malware to be downloaded.
"This is not a secret cabal for ..."
WTF? Isn't that what every cabal says? Am I the only one who thinks there is a cabal?
The article is nonsense. Every privacy problem mentioned either doesn't exist or predates HTML5. Every browser has a security team that carefully reviews any new features for privacy breaches and reports problems back to the standards bodies before implementation. Everyone involved in web standards is well aware of all of these issues and tries to head them off at the pass. No website can read another website's data, none can store things without the user's permission, and nothing stops users from clearing all private data at any time.
Let's look at this systematically. First of all:
Web Storage, Web SQL Database, and IndexedDB are three of the standards commonly lumped in with HTML5, and all of them do indeed allow larger amounts of data to be stored client-side than ever before. What the article doesn't mention is it's only available to the site that stored it, and users can clear it as easily as cookies. It poses absolutely no privacy threat beyond cookies: if a server wants to store data on your computer, it can already just store it on the server and store a short identifying key as the cookie.
What the unnamed "experts" here say is therefore crazy. Nothing in HTML allows advertisers to see your location or time zone without your consent, let alone shopping cart contents or e-mail. Since the article doesn't deign to specify what HTML5 technologies are supposed to be able to do this magic, I can't refute it beyond saying it's just nonsense.
Håkon knows what he's talking about – he's a notable figure in the web standards community, editing such high-profile standards as CSS 2.1. But look at what he says carefully: trackers get "one more bucket". One more just like all the others, which can be controlled and cleared along with all the others, thus no greater privacy risk. I'd bet good money that this quote of his is taken completely out of context, and that he was dismissing the reporter's fearmongering.
Then there's mention of evercookie. But nothing that evercookie does relies on any HTML5 feature. Yes, it stores things in four different types of HTML5 storage, but again, those are cleared just like cookies. Try it yourself: create an evercookie on that page, clear your cookies from your browser's menus, and then click to rediscover cookies. You'll see that the four HTML5 methods (localData, globalData, sessionData, dbData) are all cleared too.
(There is one other mention of HTML5 on evercookie's page, but it's a red herring. The pngData mechanism uses HTML5 canvas, but if you look at how it works, it would work just as easily by storing a JavaScript file or even a plain text file, and retrieving it via <script> or XMLHttpRequest.)
It's worth emphasizing, by the way, that using your browser's "private browsing mode" (whatever it's called) will completely defeat evercookie. So this is not some earth-shattering problem that no one's thought of.
The article goes on:
MediaWiki developer, Total War Center sysadmin