Slashdot Mirror


W3C Group Proposed To Safeguard User Agent State Privacy

First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such as mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."


  1. want to be private by ozduo · · Score: 2, Insightful

    don't visit the internet

    --
    I got to the chocolate box before you, that's why the hard ones have teeth marks.
    1. Re:want to be private by hairyfeet · · Score: 2

      Actually what we need is to replace JavaScript. I mean, Good Lord, the thing was designed in an earlier and frankly more naive age; they even named it after Java because Java was supposed to be the "next new thing" and they wanted to ride the buzz. It was just never designed for security, and with more and more crap bolted to it to allow webapps it just gets worse every year. Heck, block all ads and watch the malware drop; the design just isn't very good for today's threats.

      No, what we need is a new language designed from the ground up for isolation and sandboxing, where ALL code is treated as totally untrusted and locked in a little box no matter what. We have browsers bolting this functionality on but honestly it's turd polishing. JavaScript just wasn't meant to be in any way secure, but with more and more of our banking and shopping done online we need a newer, better design. Perhaps something more virtual-machine-like, where the regular web gets locked into a sandbox with practically no permissions, and then a limited whitelist set up by the user for banks, shopping, etc., that uses a completely different VMed browser instance with zero in common.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Yet another abuse of the patent system by Taco+Cowboy · · Score: 3, Insightful

    The patent system was set up to encourage more people to invent new stuff - by protecting the interest of the inventor.

    It was never intended for the restriction of the rights of others to protect themselves.

    The use of patent in the solutions as outlined by TFA is another clear cut example of the abuse of the patent system.

    I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.

    Overhaul the patent system now!

    --
    Muchas Gracias, Señor Edward Snowden!
    1. Re:Yet another abuse of the patent system by manu0601 · · Score: 2

      I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.

      In most countries, the political parties able to govern serve the interests of the wealthiest. Patents as a tool to defend against challengers are good for them. Nothing can change without more power to the people, which is really not an easy problem to solve. The Referendum d'Initiative Populaire is a solution, but there are not many countries where this exists.

  3. Re:An even better idea. by causality · · Score: 3, Interesting

    Do away with the patent system. Get rid of copyright while you're at it.

    A non-renewable copyright of five to ten years, which is valid only if owned by a natural (living, breathing, non-corporate) person, and becomes fully public domain at expiration... that might not be such a bad thing.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  4. Translation... by EdIII · · Score: 3

    The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality.

    In other words, we are going to break functionality used in just about every website out there, especially SAAS platforms that depend on it for delivering software.

    That's okay though, because we are going to replace that functionality with HTML extensions. You have tens of thousands of dollars to pump back into software development, right?

    Sheesh. I get where they are coming from, but man does it suck for people actually trying to develop and deliver complex platforms with web browsers as front ends.

    1. Re:Translation... by EdIII · · Score: 3, Interesting

      Ohhh, yeah, sure. It's just that simple. Write a client.

      There is a *reason* why a web browser is used:

      - Cross platform. Linux, Mac, Windows, embedded whatever.
      - No development costs directly associated with the client.
      - Upgrades are instantaneous. CTRL-F5 effectively reloads all the software for a site.
      - For some use cases it means a significantly cheaper interface to business platforms. No expensive licenses client side, or maintenance costs for a fat client.
      - For some use cases, it does not mean SAAS. It could be an internal, proprietary, business platform delivered through a web interface only.
      - For some use cases, it could mean greatly enhanced security as you have an internal website that services all interactions with customer data. No direct access to back end data is even possible.

      Subscription models make perfect sense in some cases. Your rather simplistic rant about those fees completely ignores the fact that for businesses it often makes financial sense. In order to run your own platform you need to:

      - Absorb 100% of the costs of development.
      - Absorb 100% of the costs of maintenance, which includes keeping software engineers on staff who designed it.
      - Absorb 100% of the costs of operating the platform. Includes servers, bandwidth, software licenses, etc.

      I'm sure there are other costs and caveats I am not mentioning too.

      I've looked into some very expensive SAAS platforms (30k per month subscription fee). I can tell you it actually made sense. To develop that platform would have taken me a team of developers and minimum 18 months to deliver. I have no doubt that I could have pulled it off, but in the end it would have cost more than the fees and required almost the subscription fee per month just to keep some of the developers on staff to maintain it, and continue to develop features we may need in the future.

      Holding customers' data hostage? That only happens if you're an idiot. Have a very well spelled out legal contract, and make nightly incremental backups of your data. Some of the SAAS providers I have worked with set up an rsync of our data to our own servers. We back that up incrementally as well.

      So where is the data being held hostage? It's not. What you are held hostage to is the platform. That is going to be true whether the platform exists some place else, or is a local executable on a local server in your company. That you are not always going to be able to get around very quickly. Switching business platforms is not something one just does for the heck of it.

      Things shift around of course, but right now local clients that connect to business platforms are going the way of the dinosaur. Honestly, why even do it at all? Does a standardized client that runs across multiple platforms not make sense to you at all? It happens to be a web browser right now, and in a more limited fashion Java, but it makes perfect sense to have one. Perhaps that is why SAAS has been taking off so fast. You know... the benefits to the end users.

  5. Re:An even better idea. by james_gnz · · Score: 4, Interesting

    The costs of patent litigation exceed their investment value in all industries except chemistry and pharmaceuticals.
    Bessen, James & Meurer, Michael J. (2008) Patent Failure. Princeton University Press.
    So it would make sense to abolish patents in all other areas.

    The economically optimal copyright length, assuming a single flat term, is slightly less than 15 years.
    Pollock, Rufus (2009) Forever Minus a Day? Calculating Optimal Copyright Term.
    I think it might be better to have a shorter copyright term followed by a further copyleft term though.

  6. Just undo the browser mistakes by Skapare · · Score: 5, Insightful

    Browsers had a lot of bad things done in them over the years. These should just be removed. Start with the Referer (regardless of spelling) field. If the domain is different, don't transmit it. Of course this only scratches the surface. When the user visits another domain, launch a whole new browser in a separate process. Also, do not expose data to a page's client side code about things like navigation to other pages when they are done in different tabs or windows. And when returning the view back to a previously viewed page, just view the previous contents ... do NOT reload the page. The only time a page should be reloaded is when the user navigates to it via a link, or presses reload, or the client code for that page requests reloading only itself or a page in the same directory.

    Yeah, they can break a lot of functionality that dumb web developers came to depend on. But these are things that never should have been there to begin with.

    --
    now we need to go OSS in diesel cars
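Skapare's Referer rule ("if the domain is different, don't transmit it") written out as a function, beside the standard Referrer-Policy values that let a site request similar behaviour from current browsers. This is an added example, not code from the thread; it assumes Node.js or any runtime with the WHATWG URL class, and its "registrable domain" helper is a deliberate simplification (last two host labels) where real browsers consult the Public Suffix List.

```javascript
// Added example, not from the Slashdot thread. Assumes a WHATWG URL class
// (Node.js provides one globally).

// Simplified registrable domain: last two labels of the host. Real browsers
// use the Public Suffix List; this is enough to show the rule.
function registrableDomain(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// The most a Referer header ever carries: the URL minus its fragment.
function stripFragment(url) {
  const u = new URL(url);
  u.hash = "";
  return u.href;
}

// Skapare's rule: full Referer inside one domain, nothing across domains.
// Returns the header value to send, or null for "send no Referer".
function referrerSkapare(fromUrl, toUrl) {
  return registrableDomain(fromUrl) === registrableDomain(toUrl)
    ? stripFragment(fromUrl)
    : null;
}

// The same decision for a subset of W3C Referrer-Policy values, so the two
// approaches can be compared on the same inputs.
function referrerForPolicy(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol === "http:";
  const originOnly = from.origin + "/";
  switch (policy) {
    case "no-referrer":
      return null;
    case "same-origin":
      return sameOrigin ? stripFragment(fromUrl) : null;
    case "strict-origin":
      return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripFragment(fromUrl);
      return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripFragment(fromUrl);
    default:
      throw new Error("unsupported policy: " + policy);
  }
}
```

Note that Skapare's rule is stricter than `strict-origin-when-cross-origin` (the current browser default): cross-domain requests get nothing at all, not even the origin.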
  7. ...because the solutions are patented." by Penurious+Penguin · · Score: 3, Insightful

    First, http://www.techdirt.com/articles/20120920/23570020453/when-even-hilarious-web-comic-artists-are-mocking-insanity-patent-system.shtml

    Admitting my primitive understanding of this subject, I have some questions: Is sandboxing undervalued? Is sending all cache to unique directories that can only be read by the source they were created for practical? Would generating random or shared generic user-agent data for each domain for each encounter have any effect? I have taken simple privacy measures like chmod 400 ~/.macromedia and ~/.adobe; installing noscript, flashblock; bloating /etc/hosts with loopback redirects, thrashed around in about:config, piously used bleachbit, etc. -- but I guess there are still kissmetrics and other mysterious things to deal with.

    I remember trying the EFF's panopticlick, which tests your browser for its unique fingerprint. I was a little surprised at the results. What does something like the time-stamp mean for anonymity? How many people in the world have identical installation times and zip-codes, etc.? Why does this and other data need to be there as it is?

    I get confused when contemplating why such promiscuous features are included in browsers in the first place. Are we simply using stupid browsers? Would creating a secure browser break its functionality? I know noscript can be a pain in the ass. What really confuses me is why a browser would store persistent cookies and other data -- after being deleted -- unless it was built to do so. If so, then why? If not, then why? When I start a browser from a fresh install or USB, it works just fine. If I reboot and do it again, it continues to work fine. Why the persistent data?

    Finally, it should be alarming in itself that so much knowledge is required now to have even a measure of privacy. Those who understand, often take their knowledge for granted. But even for someone practically living and working in the web, it is not an overly simple subject. Is privacy an esoteric delusion, or is it an esoteric reality?

    --
    Forward! -- Emperor Norton, 2012
    1. Re:...because the solutions are patented." by FredAndrews · · Score: 2

      I don't accept that privacy is an all or nothing matter. Why not try and close some obvious invasions of privacy.

  8. Re:An even better idea. by flimflammer · · Score: 4, Insightful

    Who the hell cares who wrote the book at that point? Some people seriously don't think about the consequences of a no-copyright, no-patent environment. If there was absolutely no copyright or patents, the moment someone low in the food chain comes up with something, he can't do anything with it without risking losing it forever. What the hell incentive does he have to do anything with it? What the hell reason does anyone have to invest in R&D when someone can just jump in and take the final result and run with it? Do you think we as a people will seriously go "Well they came up with it first, so I'm going to buy their product" when the competitor is offering the same thing at a drastically lower price since they don't have the price of the past R&D to consider?

    Yes, patents are abused and the system is currently absurd. Yes, copyright is abused and the system is currently absurd. (90+ year terms? Come on now.) But removing the systems completely instead of making them better makes no goddamn sense.

  9. Re:An even better idea. by Genda · · Score: 2

    And the author whose fine work you're enjoying is remunerated how?

  10. There is no need to specify the browser. by jd · · Score: 3, Insightful

    The browser string helps to identify if the browser can perform certain functions. So send a string that specifies "server-visible capabilities" (ie: what the user wants the server to know about the capabilities of the browser) instead. Then no browser, OS or other potential privacy loopholes exist.

    But what if you don't want the server to know anything? That's the point about sending a capabilities string. If you don't want to specify, there's no need to. Having said that, setting a bit that indicates "HTML 4.01-compliant" is not revealing anything terribly informative to anyone, since that's going to be true of 99% of user agents at this point. Which means you're not part of the 1%, but that's about it.

    HTML 5 is the only awkward one, as you'd have to have a bit for some generally-agreed group of functions, since there's no fixed standard. (IIRC, that's going to switch to having a "rolling development branch" and fixed "stable snapshots", but for now there's no stable spec you can identify with a simple flag.)

    True, some browsers implement subsets (and/or extensions to) approved standards, but frankly the headache for developers is to support those kinds of freaks. A fixed list of supported standards you can switch between is really what you want. Special cases for every browser make for something that is unmaintainable, as anyone who has developed a web app can tell you. Freak cases really should be reduced to "nearest available standard" where at all possible.

    This satisfies all the requirements of the server, for behaving correctly on multiple browsers, without giving anything away that could be misused.

    Furthermore, since I'm saying the capabilities string is a bunch of flags, you can specify masks per site or site grouping if you want to conceal some information from some servers. (This makes user tracking via the agent impossible, since the agent can now vary and there's fine-grained control over how it varies.) Not a million miles from how security is handled in every other case.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
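jd's "server-visible capabilities" string, as an added example that is not code from the thread: the capabilities are a set of flag bits, a per-site policy masks which bits a given host may see, and the server side maps whatever it receives to its nearest supported standard. The flag names, the policy shape, the header text format and the site names are this example's own assumptions, not any standard.

```javascript
// Added example, not from the Slashdot thread. Flag names, policy shape and
// string format are constructed for illustration.

const CAP = {               // constructed capability bits
  html401: 1 << 0,
  css3:    1 << 1,
  svg:     1 << 2,
  webgl:   1 << 3,
  webrtc:  1 << 4,
};
const ALL = Object.values(CAP).reduce((a, b) => a | b, 0);

// Simplified registrable domain (last two labels); real browsers use the PSL.
function registrableDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// policy = { defaultMask, groups: [{ sites: [...], mask }] }; first match wins,
// unknown hosts get defaultMask. This is jd's "masks per site or site grouping".
function maskFor(host, policy) {
  const domain = registrableDomain(host);
  const hit = policy.groups.find(g => g.sites.includes(domain));
  return hit ? hit.mask : policy.defaultMask;
}

// Client side: the string this user agent sends to the given host. Bits the
// browser lacks are never claimed; bits the policy hides are never revealed.
function capabilityString(supported, host, policy) {
  const bits = supported & maskFor(host, policy);
  return Object.keys(CAP).filter(n => bits & CAP[n]).join(" ");
}

// Server side: parse the string (unknown tokens are ignored) and pick the
// richest standard whose requirements are all present, jd's
// "nearest available standard". standards is ordered richest-first.
function parseCapabilities(str) {
  return str.split(/\s+/).filter(Boolean).reduce((b, n) => b | (CAP[n] || 0), 0);
}
function nearestStandard(bits, standards) {
  const s = standards.find(st => (bits & st.requires) === st.requires);
  return s ? s.name : "baseline";
}

// Constructed policy: strangers learn only the near-universal bits, a
// whitelisted site (here the user's bank) gets the full picture.
const POLICY = {
  defaultMask: CAP.html401 | CAP.css3,
  groups: [{ sites: ["mybank.example"], mask: ALL }],
};
```

Because the string the tracker sees is the same for every user whose policy hides the distinguishing bits, the agent string stops working as a fingerprint for those hosts while the whitelisted site still gets what it needs.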