Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Privacy Your Rights Online

HTML5 Draws Concern Over Risks To Privacy 163

Posted by CmdrTaco
from the are-you-scared-yet dept.
Hugh Pickens writes "The NY Times reports that in the next few years, HTML5 will provide a powerful new suite of capabilities to Web developers that could give marketers and advertisers access to many more details about computer users' online activities. The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited. 'HTML5 opens Pandora's box of tracking in the Internet,' says Pam Dixon, the executive director of the World Privacy Forum. Meanwhile Ian Jacobs, head of communications at the World Wide Web consortium, says the development process for HTML5 will include a public review. 'There is accountability,' Jacobs says. 'This is not a secret cabal for global adoption of these core standards.'"
This discussion has been archived. No new comments can be posted.

HTML5 Draws Concern Over Risks To Privacy

Comments Filter:
  • Browsers... (Score:5, Insightful)

    by the_one_wesp (1785252) on Monday October 11, 2010 @07:50AM (#33858292)
    Browsers are still going to be the ones in charge of that kind of storage, just like history, cookies and other current way's of tracking user information. It's just going to require users to CONTINUE being careful about their web usage. I don't see that anything is changing.
  • The irony.... (Score:2, Insightful)

    by tawt (1193211) on Monday October 11, 2010 @07:55AM (#33858314)
    ...of an article about privacy that requires you to register to read it
  • by chemicaldave (1776600) on Monday October 11, 2010 @08:02AM (#33858368)
    I think the fear is that this will contain exponentially more data than do HTTP cookies.
  • Re:FUD (Score:3, Insightful)

    by Richard_at_work (517087) <richardprice.gmail@com> on Monday October 11, 2010 @08:13AM (#33858448)

    browsers should (or probably will if they don't already) clear out most of those locations (except Flash, but you can't blame the browsers for that really) when you clear your private data

    This is the only part of your post that I disagree with - if a browser allows a plugin to write to a location on disk in any form, then the browser should be responsible for further access to that location, and the maintenance of that location, not the plugin. Saying its Flashes fault that these things don't get removed is simply excusing the browser from its responsibilities.

  • Re:Browsers... (Score:3, Insightful)

    by tomhudson (43916) < ... <nosduh.arabrab>> on Monday October 11, 2010 @08:19AM (#33858492) Journal
    chmod -R a-w is your friend.

    And yes, the standard is terrible. Go read it. [w3.org]

    -- Barbie

  • by Darkness404 (1287218) on Monday October 11, 2010 @08:23AM (#33858514)
    Didn't the 90s (And early 2000s) teach us anything? If HTML isn't implemented in essentially the same way across all browsers the Internet will stagnant again and we will turn to cross-platform plugins like Flash to actually get stuff done.
  • by tomhudson (43916) < ... <nosduh.arabrab>> on Monday October 11, 2010 @08:33AM (#33858590) Journal

    say, Slashdot or New York Times doing something to better my reading experience.

    You must be new here :-p

    Seriously, we already have latency problems caused by multiple sites doing their crap on every page load (look at the source for any page that includes tracking and ad javascript includes). We don't need web sites sifting through 5 meg of local storage (which they'll grow to 100 meg, just like the original cookie limits specification quickly succumbed to hyperinflation) because they'll want to store it in xml.

    -- Barbie

  • by swb (14022) on Monday October 11, 2010 @08:36AM (#33858618)

    HTML5 -- is it a new language? Is it a set of extensions to HTML, Javascript, or is it more of a concept/phenomenon, like "Web 2.0"?

    I read it as an extension of the HTML standard, but quite often its treated as a "new language" as opposed to an extension, upgrade, etc. I wonder if that's half the problem -- I think generally speaking, people are a little weary of many new things, technology wise, and failure to cast this as more of an upgrade than a wholly new entity (even if the new features make it so) probably has a lot to do with some of the scaremongering associated with it.

  • Re:Browsers... (Score:4, Insightful)

    by koreaman (835838) <uman@umanwizard.com> on Monday October 11, 2010 @08:53AM (#33858770)

    You are overly optimistic if you think Aunt Marge and Uncle Joe will have ever even seen or heard of "the little black box with the white letters" :)

  • by John Hasler (414242) on Monday October 11, 2010 @09:32AM (#33859080) Homepage

    > Being able to store things with flash is fine...

    No it isn't. Creatures such as Flash should never be able to store or read anything. They should be locked in their sandboxes with only the input the browser chooses to give them.

  • by Anonymous Coward on Monday October 11, 2010 @09:42AM (#33859188)

    No. It's simply not a problem for most people.

    Neither is police brutality. Or Habeus Corpus. Or the bearing of arms.

    The number of people affected by an action http://en.wikipedia.org/wiki/First_they_came... [wikipedia.org] has no bearing on whether the action is ethical or heinous.

  • by John Hasler (414242) on Monday October 11, 2010 @09:44AM (#33859206) Homepage

    > ...we will turn to cross-platform plugins like Flash to actually get stuff done.

    "Stuff" that doesn't need doing.

  • Re:FUD (Score:2, Insightful)

    by Richard_at_work (517087) <richardprice.gmail@com> on Monday October 11, 2010 @09:48AM (#33859256)
    Bullshit. Seriously, bullshit. The browser provides the interface through which the plugin can work - just because currently plugins have near free reign on most browsers does not mean that that is acceptable.

    Javascript is blocked from writing to disk, and indeed doing a lot of things in certain circumstances (IE blocks a lot of JS when the page is opened locally and not through a remote server).

    So again, to say its not the browsers fault is falsely excusing it from blame - the browser can certainly lay down a strict set of rules by which the plugins can and cannot work, and that certainly includes local file access.

    Microsoft got shat on for this a long time ago about ActiveX, so the other browser makers now need to get an equal shitting on for anything else that they allow access to the internet via their browser without setting up suitable security restrictions.

    This is most certainly a browser issue.
  • by AusIV (950840) on Monday October 11, 2010 @10:39AM (#33859762)

    What are you talking about? And who modded this insightful?

    We're not talking about a civil rights issue, we're talking about an option you can turn on or off in your browser. It's not a problem for most people, so they don't turn it off. It's there to be turned off if you like. We're not even talking about getting rid of that option, we're just discussing sane defaults.

    Can you give a decent explanation of how this relates to police brutality?

  • by Doc Ruby (173196) on Monday October 11, 2010 @12:55PM (#33861178) Homepage Journal

    None of that has anything to do with HTML5.

  • by WebManWalking (1225366) on Monday October 11, 2010 @01:01PM (#33861252)
    You're referring to the "same origin policy" and you're right. There are 3 new mechanisms in HTML5 for remembering something across page loads (added to the older 4th mechanism, cookies), and all 4 of them are subject to the same origin policy.

    Many of the new features of HTML5 exist to allow browsers to do the same things as plug-ins. A poorly written plug-in is a much bigger security vulnerability than the well-thought-out new features of HTML5, which were largely contributed by browser vendors themselves. The browser vendor has a vested interest in keeping the browser secure against attack. And they know how to accomplish that, because they're more familiar with their own internal security model and they're more motivated to follow it rigorously.

    Implementing the same origin policy thoroughly and correctly is in the vendor's best interest. I'm pretty sure that HTML5 will make us more secure than the plug-in riddled environment we have now.

The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay

Working...