HTML5 Draws Concern Over Risks To Privacy

Hugh Pickens writes "The NY Times reports that in the next few years, HTML5 will provide a powerful new suite of capabilities to Web developers that could give marketers and advertisers access to many more details about computer users' online activities. The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user's hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited. 'HTML5 opens Pandora's box of tracking in the Internet,' says Pam Dixon, the executive director of the World Privacy Forum. Meanwhile Ian Jacobs, head of communications at the World Wide Web consortium, says the development process for HTML5 will include a public review. 'There is accountability,' Jacobs says. 'This is not a secret cabal for global adoption of these core standards.'"

Don't cookies do the same thing?

[bogaboga]

Because of that process, advertisers and others could, experts say, see weeks or even months of personal data that could include a user's location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited.

Folks, I thought this isn't new at all. Don't cookies do the same thing? I have a cookie that will 'never' expire unless I delete it. What am I missing?

Sandboxes. Now.

[TubeSteak]

Browsers should no longer be allowed to frisk about in the general operating system,
scattering data willy nilly throughout your computer into wildly obscure folders.

I propose robust sandboxes.
You want to delete all the tracking information? Delete the sandbox.
Honest websites won't be spending their efforts to break out of the box and
malicious websites were going to pwn you anyways, so does it matter if they do?

I'm not proposing sandboxes as a security measure, merely a way to keep all the cruft from your browser & plugins locked down in one (easily deletable) place.

This is fear-mongering

[jjb3rd]

This neo-luddite fear-mongering must end!!! Properly secured browsers negate these "new" threats. The only "problem" as I see it, is the likely-hood that in browser manufacturers (Apple, Google, Microsoft, Firefox, Opera, etc.) rush to get these new capabilities, they'll put security on the back burner and we'll have a few years of this nonsense. This is no reason to not implement compelling features. It just raises the stakes for people to do it right. Having spent some time developing some HTML5, I for one, am looking forward to the new goodness.

Re:Don't cookies do the same thing?

[captainpanic]

So, the actual news is that although we get new technology, old problems still aren't fixed?

The fact that with current technology all this data is already available doesn't mean that it does not need to be fixed in the future.

the issue seems to hinge on one concept:

[circletimessquare]

i don't have a problem with a website seeing everything i do on that website. i have a problem with a website seeing what i do on other websites

let foo.com have evercookies on my computer about everything i do... at foo.com. not a problem. but i don't ever want foo.com too see what i do at fubar.com, and visa versa

of course, foo.com can sell my info to fubar.com through different channels, but that's a problem that predates the internet, and has nothing to do with browser privacy. and i know if doubleclick has their ads on foo.com, they can infer certain things about my activities at foo.com... actually, now that i think about it, that's a fatal hole in any browser privacy: if a webpage is serving content from another website, such as with advertising networks, we're pretty much doomed no matter what the markup language, aren't we?

to really have browser privacy, you'd have to destroy the entire possibility of webpages serving content from other domains. how the heck do you enforce that? a rule like "when loading content from foo.com, everything on this page must come from foo.com"? is that a viable concept? no more google analytics, no more iframes... i don't know, we're just doomed

but... even if you had that rule, foo.com could just agree with double click to proxy their ads, running them through their servers, so everything is coming from one domain, even though it really isn't. then they can simply see how one particular ip address walks across the web where they have similar agreements with other sites. no escape. you'd have to spoof your ip with every request, which breaks all sorts of functionality on most websites. maybe you could have a new ip for every tab, every session... what a nightmare

basically, the concept of privacy on the internet is void. if you type it on the web, it is known, end of discussion. crap

Re:Browsers...

[Anonymous Coward]

It's a very similar problem to the privacy concerns over Flash about 6 or 7 years ago. When people realized you could store a lot of information separate from standard browser cache, people started taking advantage of the situation until it was patched. Similar things with HTML5, breeches will be discovered, then much later get patched after the damage is done.

Re:Don't cookies do the same thing?

[icebraining]

They are, if you care. Most browsers allow you to disallow cookies, storage, etc, or clean them up periodically.

Most people don't care. No: most people want to be remembered by the sites for convenience, and they mostly definitively don't want to have to allow/disallow on a site by site basis.

The problem isn't technological, it's sociological.

Re:Don't cookies do the same thing?

[captainpanic]

Genuine question - if people honestly don't care, then is it really a problem?

Is it that they don't care, or don't understand?

If people honestly don't understand the problem, then it's up to a government to protect the people, or up to the producer of a particular product to protect its customers (enforced by laws to protect the people).

Privacy is an abstract concept, which is difficult to understand for most people. Privacy for most people still means "to be able to close the curtains at night", and has nothing to do with the internet or any other digital technology.

How, Specifically?

[Doc Ruby]

What features does HTML5 include that let one server access any data other than that created by that server, or by the client user through the HTML GUI sent by that server? Why should any client state be available to the server, except the same kind of client-side feature list of supported media types and browser version that we've had since HTML1.0?

Turning on privacy breaks the web

[Animats]

More and more sites just don't work if you enable strong privacy controls. Some of this seems to be deliberate, and it's getting worse.

• If you don't let YouTube store Flash data, the "Press ESC to exit full screen mode" message will not disappear.
• If you block third party cookies, CBS TV video won't play.
• If you block most cookies, many video sites will play the same ad over and over.
• "511.org", a Government-run site for traffic information, goes into an infinite reload loop if you block Google Analytics.

Re:Don't cookies do the same thing?

[Simetrical]

Genuine question - if people honestly don't care, then is it really a problem?

The problem is that users are given a tradeoff: either they enable cookies and let people track them, or disable cookies and break all the sites they use. Offered that decision, most people will rationally opt for the latter. The goal is to give them a third option: let sites work properly without privacy or security problems.

Web standards try to give apps as much power as possible without hurting privacy or security more than before, so you don't have to trade off here-and-now features to fend off abstract threats. Other application frameworks, like conventional binaries, don't even try: if you run the program, you have to trust it completely.

An example of one technology that tries this and gets it wrong is Android. You can decide what privileges to give an app before you install it, but popular apps often ask for lots of unreasonable privileges, so in practice most people ignore the risks and just install the things. On the web, applications can do the large majority of useful things Android apps can do (if you count cutting-edge standards that aren't widely supported yet), but few of the harmful things. This puts users in a much better position: they don't lose many features, but they're at much lower risk.

So, yes, it is a problem, and it is fixable, and the web is the only way forward toward fixing it. Others have tried, like Bitfrost [wikipedia.org], but only the web has enough momentum to build a real application base around the idea of totally untrusted applications that are still really useful.