W3C Group Proposed To Safeguard User Agent State Privacy

First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such a mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."

Just undo the browser mistakes

[Skapare]

Browsers had a lot of bad things done in them over the years. These should just be removed. Start with the Referer (regardless of spelling) field. If the domain is different, don't transmit it. Of course this only scratches the surface. When the user visits another domain, launch a whole new browser in a separate process. Also, do not expose data to a page's client side code about things like navigation to other pages when they are done in different tabs or windows. And when returning the view back to a previously viewed page, just view the previous contents ... do NOT reload the page. The only time a page should be reloaded is when the user navigates to it via a link, or presses reload, or the client code for that page requests reloading only itself or a page in the same directory.

Yeah, they can break a lot of functionality that dumb web developers came to depend on. But these are things that never should have been there to begin with.