For example, Mozilla supported CSP reporting being required. I tried hard to just allow CSP reporting to be optional, but even the Mozilla reps failed to support me, actually they were quite rude. I would note that Mozilla provide no option to disable the reporting when CSP is enabled. The mandatory CSP reporting effectively outsources client side security to the cloud and leads to the CSP becoming useless for enforcement by the user. The proponents held the view that most deployments would be 'reporting' not enforcement and that allowing reporting to be optional was a show stopper. PayPal organized a 'red-herring' discussion about fingerprinting being inevitable and thus argued that reporting does not add to the privacy issues, but of course fingerprinting is hardly the only issue. Everyone congratulated themselves for 'successfully' addressing the 'privacy' concerns, even the W3C PING, and CSP advances with mandatory reporting - PayPal got what they wanted and probably had a good laugh. My trust in Mozilla is limited, but they still seem worthy of some support for their work. I believe a shadowing derivative distribution by a separate entity will be necessary to really tackle some areas of concern.
Mozilla keeping the code base open source does go a long way to protecting the open web, as attempts by Google to compromise Mozilla can be 'corrected' by derivative distributions. Keep up the good work.
However Mozilla might not be best placed to stand up to Google given that they get the bulk of revenue from Google advertising streams!
Would Mozilla be prepared to eke out a much diminished existence without the advertising revenue?
Mozilla could help the situation a lot by publicly refusing to implement the EME API, and adding ad-blocking infrastructure etc.
DRM actually restricts what people can do, so it hardly encourages creativity. You might argue it helps support a revenue model to reward creativity but this is a separate matter. If people cannot exercise fair use rights then this limits creativity. If people are restricted in how they use the content in their own privacy then entire ecosystems are eliminated that produce innovative ways to better use content in your own privacy.
You might be interested in the work of the W3C Private User Agent Community Group that is exploring solutions to prevent such leaks. One option for limiting the capability to leak the mouse positions is to limit the back channels available to leak the state out to the web. A web browser that resists such leaks can still support rich client side Javascript content. Not surprisingly, early results demonstrate that much web advertising is caught by such protections - for example Google search ads still work but most content network ads violate security and are blocked. Other options are being explored such as declarative web actions to offload interactive tasks to trusted apps, and a curated database of trusted scripts that implement widely used features such as slide shows etc. There is a lot of resistance from shills wanting to entangle our computing use with web services and even offload web browser security to the cloud, and they are currently winning, so if people are interested in such solutions then please consider supporting this group, see: http://www.w3.org/community/pua/
A significant motivation for starting the W3C Private User Agent community group was the experience of watching children using online apps with the understanding of all the covert monitoring and tracking going on. I believe that a lot could be done to better secure the privacy of the web browser and to better support a more private platform for children, and others. Most of the apps for very young children really do not need to be connected to the web, the apps just need to be downloaded, and could then be run in a sandbox.
Personal computers have traditionally been a private space and the Internet has not been 'complete anarchy' so you are simply wrong. Simply because the web browser is becoming a platform for delivering applications should in no way make the personal computer open to the covert sharing of its state. I understand that 'privacy' is a loaded word and perhaps you have misunderstood the intention of this group - 'complete privacy on the Internet' is certainly way out of its scope as is discussion about privacy in public places. I believe it is possible to do a lot better than simply disabling Javascript and this is a challenge for the group. Please understand that I expect a web application run on my personal computer to have the same level of privacy as a local application which I do not believe is unreasonable, and if the HTML standards cannot and will not address this issue then I believe they have lost their legitimacy.
Noscript has many useful features, and some of its features are being integrated into standards, such as ClearClick which is proposed for CSP - although in CSP it is proposed that any violations are silently reported to the server rather than the user. I think we can do better than just disabling JS to prevent covert sharing of UA state. Further there are other sources of leaks, such as CSS.
Limiting the back channels available to Javascript should not limit the ability to write interactive games. Networked games may need to be white-listed, but if just sharing a high score etc then an intentional form submission could suffice.
Through a navigation request or form submission request, or you can send me Javascript to handle the button click on the UA and it will be run in a context that has no access to back channels, or it may be that the button press is intentional enough that it could be passed to a Javascript context that has no access to the UA state but can proxy the event back to your server and then forward an update from your server back to the private UA context. Keep in mind that this is a proposed group to work on the issues, not a detailed proposal to solve all the problems.
The proposed group is open to a range of technical solutions. Limiting the back channels open to Javascript is one approach and this could be very effective for many web activities and still support interactive pages driven by Javascript such as games and children's learning tools. Another approach is limiting the access that Javascript has to the UA state or spoofing the state. A combination of both approaches may also be explored. Javascript is not the only issue, there are other leaks that also need to be addressed. Unfortunately it does not appear possible to solve the problems without breaking something, but I do not accept that this is a good reason not to fix the problems. The damage just gets worse as new standards are developed ignoring the issue and building upon functionality that is not salvageable. User Agents already allow Javascript to be completely disabled and a good range of websites are still quite functional, and I am confident we can do a lot better than this.
The word 'privacy' is quite loaded and is used in a lot of other contexts. The PUA CG is proposed to have a narrow scope so it can efficiently address the privacy of the web browser state. The W3C already has other forums to develop other areas of privacy and they are welcome to it.
I don't accept that privacy is an all or nothing matter. Why not try and close some obvious invasions of privacy?