HTML5 Draws Concern Over Risks To Privacy

Hugh Pickens writes "The NY Times reports that in the next few years, HTML5 will provide a powerful new suite of capabilities to Web developers that could give marketers and advertisers access to many more details about computer users' online activities. The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited. 'HTML5 opens Pandora's box of tracking in the Internet,' says Pam Dixon, the executive director of the World Privacy Forum. Meanwhile Ian Jacobs, head of communications at the World Wide Web consortium, says the development process for HTML5 will include a public review. 'There is accountability,' Jacobs says. 'This is not a secret cabal for global adoption of these core standards.'"

Re:Don't cookies do the same thing?

[captainpanic]

So, the actual news is that although we get new technology, old problems still aren't fixed?

The fact that with current technology all this data is already available doesn't mean that it does not need to be fixed in the future.

the issue seems to hinge on one concept:

[circletimessquare]

i don't have a problem with a website seeing everything i do on that website. i have a problem with a website seeing what i do on other websites

let foo.com have evercookies on my computer about everything i do... at foo.com. not a problem. but i don't ever want foo.com too see what i do at fubar.com, and visa versa

of course, foo.com can sell my info to fubar.com through different channels, but that's a problem that predates the internet, and has nothing to do with browser privacy. and i know if doubleclick has their ads on foo.com, they can infer certain things about my activities at foo.com... actually, now that i think about it, that's a fatal hole in any browser privacy: if a webpage is serving content from another website, such as with advertising networks, we're pretty much doomed no matter what the markup language, aren't we?

to really have browser privacy, you'd have to destroy the entire possibility of webpages serving content from other domains. how the heck do you enforce that? a rule like "when loading content from foo.com, everything on this page must come from foo.com"? is that a viable concept? no more google analytics, no more iframes... i don't know, we're just doomed

but... even if you had that rule, foo.com could just agree with double click to proxy their ads, running them through their servers, so everything is coming from one domain, even though it really isn't. then they can simply see how one particular ip address walks across the web where they have similar agreements with other sites. no escape. you'd have to spoof your ip with every request, which breaks all sorts of functionality on most websites. maybe you could have a new ip for every tab, every session... what a nightmare

basically, the concept of privacy on the internet is void. if you type it on the web, it is known, end of discussion. crap

Re:Don't cookies do the same thing?

[icebraining]

They are, if you care. Most browsers allow you to disallow cookies, storage, etc, or clean them up periodically.

Most people don't care. No: most people want to be remembered by the sites for convenience, and they mostly definitively don't want to have to allow/disallow on a site by site basis.

The problem isn't technological, it's sociological.

Re:Don't cookies do the same thing?

[captainpanic]

Genuine question - if people honestly don't care, then is it really a problem?

Is it that they don't care, or don't understand?

If people honestly don't understand the problem, then it's up to a government to protect the people, or up to the producer of a particular product to protect its customers (enforced by laws to protect the people).

Privacy is an abstract concept, which is difficult to understand for most people. Privacy for most people still means "to be able to close the curtains at night", and has nothing to do with the internet or any other digital technology.

How, Specifically?

[Doc+Ruby]

What features does HTML5 include that let one server access any data other than that created by that server, or by the client user through the HTML GUI sent by that server? Why should any client state be available to the server, except the same kind of client-side feature list of supported media types and browser version that we've had since HTML1.0?

Turning on privacy breaks the web

[Animats]

More and more sites just don't work if you enable strong privacy controls. Some of this seems to be deliberate, and it's getting worse.

• If you don't let YouTube store Flash data, the "Press ESC to exit full screen mode" message will not disappear.
• If you block third party cookies, CBS TV video won't play.
• If you block most cookies, many video sites will play the same ad over and over.
• "511.org", a Government-run site for traffic information, goes into an infinite reload loop if you block Google Analytics.