Slashdot Mirror


W3C Group Proposed To Safeguard User Agent State Privacy

First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such a mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."

1 of 76 comments (clear)

  1. Re:want to be private by Anonymous Coward · · Score: -1, Flamebait

    Actually what we need is to replace JavaScript. I mean Good Lord the thing was designed in an earlier and frankly more naive age, they even named it after Java because java was supposed to be the "next new thing" and they wanted to ride the buzz. It was just never designed for security and with more and more crap bolted to it to allow webapps it just gets worse every year. heck block all ads and watch the malware drop, the design just isn't very good for today's threats.

    No what we need is a new language designed from the ground up for isolation and sandboxing, where ALL code is treated as totally untrusted and locked in a little box no matter what.

    Like Java? Fuck you.