Stanford, Mozilla, Opera Launch Web Privacy Initiative 65
An anonymous reader writes "Stanford Law School has kicked off a 'Cookie Clearinghouse' web privacy initiative that brings together researchers and browsers. The project aims to provide a centralized and trusted repository for whitelist and blacklist data on web tracking, much like StopBadware does for malware. Mozilla and Opera are collaborating on the initiative, and Mozilla plans to integrate it into Firefox's new default third-party cookie blocking. The leader of an advertising trade group has, of course, denounced the participating browsers as 'oligopolies.'"
Re:It's about the right to choose (Score:4, Interesting)
He also seems to have trouble telling the difference between the Web and the Internet. Browsers are half the game of the Web, but just more car in a traffic jam of the Internet.
They do have a lot of power when it comes to defining the user experience of the web, but the cool thing about browsers is that it's relatively easy for a programmer (or group thereof) to split off and make their own how they want it, so browser makers have a fair amount of incentive to give users what they want. It won't necessarily be easy, but with all of the major players pushing to follow the standards better, it's probably a lot easier now than it was for Firefox to break on the scene a decade or so ago.
Re:Microsoft and Apple's stance on this (Score:4, Interesting)
I'm not convinced that's true .. because if you set Safari to block 3rd party cookies, and go to a web site, you still get 3rd party cookies.
So, whatever 'fix' Apple did seems pretty useless to me. Which is why Safari for me is used only to host Facebook -- I don't trust either of them, and if the browser never visits any other sites, there's no other information to be gleaned.
Already exists (Score:2, Interesting)
Firefox with ABP (load up the subscriptions, uncheck 'allow some advertising), NoScript (take out all the whitelisted URLs which are there by default) and Ghostery. Add in an extension which forces HTTPS.
Stop visiting sites that make you add any of their shitware scripts to the whitelists in NoScript or Ghostery.
There's a reason advertisers hate, hate, HATE those three plugins. It's because they are like holy water being poured on the foreheads of obese, slovenly vampires which want to devour your personal data.
Can I have... (Score:3, Interesting)
a) A general end to end encryption mechanism, as opposed to the current end to server mechanism. If I send a message to Bob using FaceBook, that is between me and bob, not Bob, Facebook, NSA, CIA, or any other law breaking faction of government that might have the technical means to grab it.
So it should be encrypted with Bob's certs, not Facebooks certs.
b) Thunderbird to support public key exchanges like SSH does. So a public key is attached to outgoing mail, a client that supports it, records that key the first time it sees it, and from then on send to my email are encrypted with that key. i.e. removing the public certificate authority, and relying on the first key exchange to encrypt mail end to end.
c) A HTML extension, declaring an encrypted edit field, with a second extension declaring the recipient. The browser only allows javascript and send to see the encrypted edit text, encrypted with the public key of the recipient (which you obtained on the first key exchange, see a). The edit field needs a visual indicator so we know its encrypted. So webmail can support end to end encryption.
d) An add on to force sites like Yahoo, Hotmail and Gmail into encrypted mode. So we can webmail encrypted even if the site refuses to cooperate.
e) Better control of certificates, I'd like to remove all the cert authorities that have a US base as untrusted (untrustable), but I'm reduced to going through them one by one. Also SSH has warned me in the past of attempts to substitute a certificate, does Firefox do the same?
f) File send data encrypted. People upload zip files with their banking passwords, and other details, thinking they're trusting Google or Yahoo or Dropbox or whatever with a backup copy of their data, not realizing they're handing it to a Dr Strangelove. They should have an easy way to upload it encrypted with their own key.
g) ISPs, can I have the old Deutsch Telekom trick of renewing an IP address every 2am. Making tracking more difficult.
h) ISP's if you're putting in Super NATs can we have them using a session id, and not some constant mechanism that reveals the end point after the NAT.