Slashdot Mirror

← Back to Stories (view on slashdot.org)

HTML5 Draws Concern Over Risks To Privacy

Posted by CmdrTaco on from the are-you-scared-yet dept.

Hugh Pickens writes "The NY Times reports that in the next few years, HTML5 will provide a powerful new suite of capabilities to Web developers that could give marketers and advertisers access to many more details about computer users' online activities. The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited. 'HTML5 opens Pandora's box of tracking in the Internet,' says Pam Dixon, the executive director of the World Privacy Forum. Meanwhile Ian Jacobs, head of communications at the World Wide Web consortium, says the development process for HTML5 will include a public review. 'There is accountability,' Jacobs says. 'This is not a secret cabal for global adoption of these core standards.'"

6 of 163 comments (clear)

  1. FUD by The+MAZZTer · · Score: 5, Informative

    Article reads like it was written by someone who has no idea about the time and effort taken to sandbox sites from each other. Sounds like he's talking about LocalStorage or client side DBs, which can hold more data but are no more privacy risks than a single unique ID stored in a cookie linked to an unlimited REMOTE database. Accessing web history is not a part of HTML5, more FUD there, and browser vendors are working to block JS from being able to access that information. They also seem to refer to geolocation, which in Chrome at least has to be explicitly granted to sites unless you turn it on globally.

    The "supercookie" thing is perhaps the one legitimate thing mentioned but browsers should (or probably will if they don't already) clear out most of those locations (except Flash, but you can't blame the browsers for that really) when you clear your private data, which at least Firefox and Chrome can do for you.

    As for "buckets to put tracking information into" why bother relying on "buckets" on the client which may or may not exist, are limited in size, may change or be emptied at any time, etc, when you can buy as many "buckets" as you want server-side and store virtually unlimited data about them?

    1. Re:FUD by TheRaven64 · · Score: 4, Informative

      The browser doesn't allow the plugin to write to the disk, the OS does. Plugins are just libraries - they can do anything that any binary can do. If you are using nspluginwrapper on *NIX, you can make plugins run in a chroot and clean up after them, but file accesses do not go via the browser and 'modern' operating systems do not provide any facilities for running subprocesses that validate system calls via the parent.

      --
      I am TheRaven on Soylent News
    2. Re:FUD by TheRaven64 · · Score: 3, Informative

      Bullshit. Seriously, bullshit. The browser provides the interface through which the plugin can work

      No it doesn't. It provides a set of interfaces that allow the plugin to interface with the browser, but as long as the plugin is native code it can issue system calls. If it can execute an interrupt instruction, it can do anything that any other application can do.

      There are only two possible ways of preventing this. One is to require plugins to be compiled by the browser using a language that does not allow 'unsafe' operations. At a minimum, such a language would need to be garbage collected (otherwise dangling pointers could be used escape) and no pointer arithmetic. Good luck getting plugin writers to rewrite their entire codebase in such a language.

      The other alternative is for the operating system to provide a mechanism for isolating the plugin. UNIX provides chroot(), but it requires root privileges, so you'd need a plugin launcher that was setuid root, which makes it very attractive target for exploits.

      Javascript is blocked from writing to disk, and indeed doing a lot of things in certain circumstances

      Entirely different. The limitations of JavaScript are inherent in the source language. There is no way for JavaScript code to issue interrupts or to make system calls. There is no way for it to call arbitrary C functions in the current address space. The browser's interpreter or compiler for JavaScript simply does not produce any code that can escape the sandbox (modulo bugs).

      the browser can certainly lay down a strict set of rules by which the plugins can and cannot work, and that certainly includes local file access.

      As you so eloquently put it; bullshit. The browser can make any rules that it wants, but it can't enforce them - that was my point. Unless it is intercepting any system calls that the plugin makes (most operating systems don't provide a convenient facility for doing this - you could do it via ptrace(), but the performance hit will be horrible), then it can't prevent a plugin from accessing the filesystem.

      Microsoft got shat on for this a long time ago about ActiveX

      Plugins are an entirely different issue. The problem with ActiveX was that it was downloading arbitrary untrusted code from the Internet and running it with normal app privileges. Plugins, in contrast, are supposed to be trusted code. Installing a plugin requires user action, just like installing an app. If you don't trust the plugin author, you can simply not run their plugin.

      --
      I am TheRaven on Soylent News
  2. Re:Don't cookies do the same thing? by Canazza · · Score: 2, Informative

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

    go delete your flash cookies thanks to Adobe's handy deletion tool. First result on Google for "Delete Flash Cookies"

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  3. AdBlock! by Meneth · · Score: 5, Informative
    My favourite filter:

    *$third-party

    Blocks all kinds of crap. Speeds up browsing, too. Even on Slashdot it blocks Google Analytics and something from demandbase.com.

    Of course, you'll need lots of exception rules, but if you want to be aware of where your browser goes to get its files, it's well worth it.

  4. Re:Don't cookies do the same thing? by maxume · · Score: 2, Informative

    It's not particularly obvious, but there is a fairly easy way to decline them ahead of time:

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html

    That's the first result for a Google search on 'flash prefs', but that is pretty much an incantation, not something most people will think of right away. Getting rid of existing flash cookies requires visiting another page there:

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

    --
    Nerd rage is the funniest rage.