W3C Group Proposed To Safeguard User Agent State Privacy
First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such as mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."
don't visit the internet
I got to the chocolate box before you, that's why the hard ones have teeth marks.
The patent system was set up to encourage more people to invent new stuff - by protecting the interest of the inventor.
It was never intended for the restriction of the rights of others to protect themselves.
The use of patents in the solutions as outlined by TFA is another clear-cut example of the abuse of the patent system.
I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.
Overhaul the patent system now!
Muchas Gracias, Señor Edward Snowden!
Do away with the patent system.
Get rid of copyright while you're at it.
Note, this work cannot address the privacy of information that we overtly share
Why do so many people feel an irresistible urge to disclaim claims that were never made?
It's a form of dumbing things down.
It is a miracle that curiosity survives formal education. - Einstein
it and php can require the very things it needs to bring you a good game, just as the evil corporate use tracks the website urls...., there should be a separation somehow.....
Now let's solve all the little niggles.
The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality.
In other words, we are going to break functionality used in just about every website out there, especially SAAS platforms that depend on it for delivering software.
That's okay though, because we are going to replace that functionality with HTML extension. You have tens of thousands of dollars to pump back into software development right?
Sheesh. I get where they are coming from, but man does it suck for people actually trying to develop and deliver complex platforms with web browsers as front ends.
Browsers had a lot of bad things done in them over the years. These should just be removed. Start with the Referer (regardless of spelling) field. If the domain is different, don't transmit it. Of course this only scratches the surface. When the user visits another domain, launch a whole new browser in a separate process. Also, do not expose data to a page's client side code about things like navigation to other pages when they are done in different tabs or windows. And when returning the view back to a previously viewed page, just view the previous contents ... do NOT reload the page. The only time a page should be reloaded is when the user navigates to it via a link, or presses reload, or the client code for that page requests reloading only itself or a page in the same directory.
Yeah, they can break a lot of functionality that dumb web developers came to depend on. But these are things that never should have been there to begin with.
now we need to go OSS in diesel cars
W3C has a lot of members and receives a lot of funding by people who don't want the users to have too much control over their privacy.
First, http://www.techdirt.com/articles/20120920/23570020453/when-even-hilarious-web-comic-artists-are-mocking-insanity-patent-system.shtml
Admitting my primitive understanding of this subject, I have some questions; Is sandboxing undervalued? is sending all cache to unique directories that can only be read by the source they were created for practical? Would generating random or shared generic user-agent data for each domain for each encounter have any effect? I have taken simple privacy measures like chmod 400 ~/.macromedia and ~/.adobe; installing noscript, flashblock; bloating /etc/hosts with loopback redirects, thrashed around in about:config, piously used bleachbit, etc. -- but I guess there are still kissmetrics and other mysterious things to deal with.
I remember trying the EFF's panopticlick, which tests your browser for its unique fingerprint. I was a little surprised at the results. What does something like the time-stamp mean for anonymity? How many people in the world have identical installation times and zip-codes, etc.? Why does this and other data need to be there as it is?
I get confused when contemplating why such promiscuous features are included in browsers in the first place. Are we simply using stupid browsers? Would creating a secure browser break its functionality? I know noscript can be a pain in the ass. What really confuses me is why a browser would store persistent cookies and other data -- after being deleted -- unless it was built to do so. If so, then why? If not, then why? When I start a browser from a fresh install or USB, it works just fine. If I reboot and do it again, it continues to work fine. Why the persistent data?
Finally, it should be alarming in itself that so much knowledge is required now to have even a measure of privacy. Those who understand, often take their knowledge for granted. But even for someone practically living and working in the web, it is not an overly simple subject. Is privacy an esoteric delusion, or is it an esoteric reality?
Forward! -- Emperor Norton, 2012
how do I tell which button you clicked?
You don't. You send me the entire page, and let me (or my browser) figure out which button I've clicked and what to display. If I want to look at another page, I click on a "link", which doesn't require javascript.
Through a navigation request or form submission request, or you can send me Javascript to handle the button click on the UA and it will be run in a context that has no access to back channels, or it may be that the button press is intentional enough that it could be passed to a Javascript context that has no access to the UA state but can proxy the event back to your server and then forward an update from your server back to the private UA context. Keep in mind that this is a proposed group to work on the issues, not a detailed proposal to solve all the problems.
The browser string helps to identify if the browser can perform certain functions. So send a string that specifies "server-visible capabilities" (ie: what the user wants the server to know about the capabilities of the browser) instead. Then no browser, OS or other potential privacy loopholes exist.
But what if you don't want the server to know anything? That's the point about sending a capabilities string. If you don't want to specify, there's no need to. Having said that, setting a bit that indicates "HTML 4.01-compliant" is not revealing anything terribly informative to anyone, since that's going to be true of 99% of user agents at this point. Which means you're not part of the 1%, but that's about it.
HTML 5 is the only awkweird one, as you'd have to have a bit for some generally-agreed group of functions, since there's no fixed standard. (IIRC, that's going to switch to having a "rolling development branch" and fixed "stable snapshots", but for now there's no stable spec you can identify with a simple flag.)
True, some browsers implement subsets (and/or extensions to) approved standards, but frankly the headache for developers is to support those kinds of freaks. A fixed list of supported standards you can switch between is really what you want. Special cases for every browser make for something that is unmaintainable, as anyone who has developed a web app can tell you. Freak cases really should be reduced to "nearest available standard" where at all possible.
This satisfies all the requirements of the server, for behaving correctly on multiple browsers, without giving anything away that could be misused.
Furthermore, since I'm saying the capabilities string is a bunch of flags, you can specify masks per site or site grouping if you want to conceal some information from some servers. (This makes user tracking via the agent impossible, since the agent can now vary and there's fine-grained control over how it varies.) Not a million miles from how security is handled in every other case.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
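The capability-flags idea from the comment above, sketched as an added example (not code from the thread, the proposed group or any browser). The flag names, the sample site policy and the idea of omitting the header when nothing is disclosed are all assumptions made for illustration.

```javascript
// Hypothetical capability flags (constructed for illustration; not a real standard).
const CAP = Object.freeze({
  HTML401: 1 << 0,
  CSS21: 1 << 1,
  ES5: 1 << 2,
  SVG11: 1 << 3,
  HTML5_SNAPSHOT: 1 << 4, // stands in for an agreed "stable snapshot" of HTML5
});

// Everything this (hypothetical) user agent really supports.
const SUPPORTED = Object.values(CAP).reduce((acc, bit) => acc | bit, 0);

// Constructed sample policy: per-site and per-group masks chosen by the user.
// A key starting with "." covers that domain and all of its subdomains.
const SITE_MASKS = new Map([
  ["webapp.example", SUPPORTED],             // trusted app: disclose everything
  [".tracker.example", 0],                   // disclose nothing
  [".example.org", CAP.HTML401 | CAP.CSS21], // site group with a reduced view
]);
const DEFAULT_MASK = CAP.HTML401; // near-universal flag, so it carries little entropy

// Pick the mask for a host: exact match first, then the longest matching group.
function maskFor(host) {
  const h = host.toLowerCase();
  if (SITE_MASKS.has(h)) return SITE_MASKS.get(h);
  let best = null;
  for (const [key, mask] of SITE_MASKS) {
    if (!key.startsWith(".")) continue;
    // Match on a label boundary so "notexample.org" does not match ".example.org".
    if (h === key.slice(1) || h.endsWith(key)) {
      if (best === null || key.length > best.key.length) best = { key, mask };
    }
  }
  return best ? best.mask : DEFAULT_MASK;
}

// Build the server-visible capabilities string, or null to send no header at all.
function capabilitiesFor(host) {
  const visible = SUPPORTED & maskFor(host);
  if (visible === 0) return null;
  return Object.keys(CAP).filter((name) => visible & CAP[name]).join(", ");
}
```
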
http://noscript.net/
This new fixation on privacy becomes absurd. I hope that the commenters are not a representative subset of the population, even here on Slashdot. Do you recognize that complete privacy on the Internet means complete anarchy?
Do you recognize how little privacy you have when you step out of your home? You become uniquely identifiable immediately.
In a small town everybody will know me by my face. Oh my god, how can we live in such a rude world? I should put a sack on my head. But no, my shoes identify me too. Not to mention my fingerprint and DNS. I had to use a hermetic space suit if I go out. Yes, everybody should wear a space suit with black windows. But that may be too expensive for the entire population. Thank God, there is a good solution, some of our Muslim friends already use the burka. Well, only for women, but we can enhance the idea. Let everyone wear a burka. And only visit web sites which are made in the 1990, no login, no custom content, no Javascript, no user generated content, only HTML 3.0.
pushing worse drugs just because the old one's patent expired
In these cases, is the new drug really worse most of the time? If I recall correctly, the patent on fexofenadine (Allegra) came into being as its precursor terfenadine (Seldane), but it turned out that fexofenadine was so much safer than terfenadine that fexofenadine eventually wound up going over the counter. At worst, from what I've seen, the new drug is neither better nor worse, such as loratadine (Claritin) to its active metabolite desloratadine (Clarinex) or racemic omeprazole (Prilosec) to esomeprazole (Nexium).
SAAS folks can then, as the GP suggested, write their own damn (extensible, multi-purpose, cross-platform) clients; and don't call them web browsers.
Under your plan, every student, hobbyist, or micro-ISV who wants to write what used to be called a web application has to pay an extra hundreds of dollars per year to get the client for the former web application into the iOS App Store, Windows Store, and Amazon Appstore, and the application becomes entirely unavailable to users of a platform with a web browser but no program for student, hobbyist, or micro-ISV developers, such as Wii, 3DS, PS3, and PS Vita.
Using cross-platform libraries does, however, hide the expense of becoming and remaining a licensed iOS developer, a licensed Windows Phone 7 developer, and especially a licensed developer for Wii, 3DS, PS3, and PS Vita, all of which have a web browser but no official support for "Unknown sources".
Aren't web browsers supposed to reload on back button if the previous document has expired from cache?
the concept of a user-agent string should never have existed in the first place.
Instead of the User-agent: HTTP header, what way would you have recommended to communicate these to the server?
You send me the entire page
Even the pages that the user doesn't appear to want to view? That'll eat into the user's 5 GB/mo cap quickly.
Browser detection is bad. Websites should use only web standards or experimental features proposed for a standard (most of HTML5).
So other than through browser detection, how is a web site supposed to know which "web standards" and which "experimental features proposed for a standard" a particular user agent supports?
The capabilities of a client should never be determined by some HTTP header field, they should be determined by media queries
Sending the stylesheets for a couple dozen combinations of media queries just to have the user agent select one of them and discard all the rest costs bandwidth. So does sending mark-up that will be hidden with display: none in a particular media query's stylesheet. Besides, the preferred viewport width in WebKit still isn't capable of being controlled by CSS media queries, as the only browser capable of setting it through CSS rather than through <meta name="viewport"> in the HTML is Opera.
or the availability of the corresponding DOM object or function
The extra round trip adds latency.
As a marketer, I propose a more acceptable solution. I suggest all those who do not want javascript to do the backchannel peeking enable a browser setting 'Do Not Peek' which will mirror the incredibly successful 'Do Not Track' option. This is self-regulation at its best, allowing the consumer to consume and the Free Market to proceed in perfect harmony. Remember folks, you do not want the terrorist to win. So as Obushma said, 'Keep shopping - your country needs you'.