W3C Group Proposed To Safeguard User Agent State Privacy
First time accepted submitter FredAndrews writes "A Private User Agent W3C Community Group has been proposed to tackle the privacy of the web browser by developing technical solutions to close the leaks. Current Javascript APIs are capable of leaking a lot of information as we browse the Internet, such as details of our browser that can be used to identify and track our online presence, and the content on the page (including any private customizations and the effects of extensions), and can monitor and leak our usage on the page such as mouse movements and interactions on the page. This problem is compounded by the increased use of the web browser as a platform for delivering software. While the community ignores the issue, solutions are being developed commercially and patented — we run the risk of ending up unable to have privacy because the solutions are patented. The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality. Note, this work cannot address the privacy of information that we overtly share, and there are other current W3C initiatives working on this, such as DNT."
want to be private (Score:2, Insightful)
Re: (Score:3)
Yet another abuse of the patent system (Score:4, Insightful)
The patent system was set up to encourage more people to invent new stuff - by protecting the interest of the inventor.
It was never intended for the restriction of the rights of others to protect themselves.
The use of patents in the solutions as outlined by TFA is another clear cut example of the abuse of the patent system.
I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.
Overhaul the patent system now!
An even better idea. (Score:1)
Get rid of copyright while you're at it.
Re:An even better idea. (Score:4, Interesting)
Do away with the patent system. Get rid of copyright while you're at it.
A non-renewable copyright of five to ten years, which is valid only if owned by a natural (living, breathing, non-corporate) person, and becomes fully public domain at expiration... that might not be such a bad thing.
Re:An even better idea. (Score:4, Interesting)
The costs of patent litigation exceed their investment value in all industries except chemistry and pharmaceuticals.
Bessen, James & Meurer, Michael J. (2008) Patent Failure. Princeton University Press.
So it would make sense to abolish patents in all other areas.
The economically optimal copyright length, assuming a single flat term, is slightly less than 15 years
Pollock, Rufus (2009) Forever Minus a Day? Calculating Optimal Copyright Term.
I think it might be better to have a shorter copyright term followed by a further copyleft term though.
Re: (Score:2)
I think it might be better to have a shorter copyright term followed by a further copyleft term though.
That's a damned good idea. Can't say I have much more to add.
Re: (Score:2)
Considering the effect of patents on drug availability, pushing worse drugs just because the old one's patent expired, and so on, I'd say: let's abolish patents ESPECIALLY on pharmaceuticals.
New and improved drugs (Score:2)
pushing worse drugs just because the old one's patent expired
In these cases, is the new drug really worse most of the time? If I recall correctly, the patent on fexofenadine (Allegra) came into being as its precursor terfenadine (Seldane), but it turned out that fexofenadine was so much safer than terfenadine that fexofenadine eventually wound up going over the counter. At worst, from what I've seen, the new drug is neither better nor worse, such as loratadine (Claritin) to its active metabolite desloratadine (Clarinex) or racemic omeprazole (Prilosec) to esomeprazol
Re: (Score:2)
There should be laws against fraud. For example, you can't claim that you wrote a book that someone else wrote, but the book itself should be able to be read, published, and redistributed by anyone.
Re:An even better idea. (Score:5, Insightful)
Who the hell cares who wrote the book at that point? Some people seriously don't think about the consequences of a no copyright no patent environment. If there was absolutely no copyright or patents, the moment someone low in the food chain comes up with something, he can't do anything with it without risking losing it forever. What the hell incentive does he have to do anything with it? What the hell reason does anyone have to invest in R&D when someone can just jump in and take the final result and run with it? Do you think we as a people will seriously go "Well they came up with it first, so I'm going to buy their product" when the competitor is offering the same thing at a drastically lower price since they don't have the price of the past R&D to consider?
Yes, patents are abused and the system is currently absurd. Yes, copyright is abused and the system is currently absurd. (90+ year terms? Come on now.) But removing the systems completely instead of making them better makes no goddamn sense.
Re: (Score:2)
I know that, but there's no good reason to have 90+ year copyright terms.
Re: (Score:2)
Exactly the same incentives that people had to create in the thousands of years before copyright and patents existed? "Intellectual property" doesn't protect the author of creative works, who may very well create it and keep it secret or limited to a small audience. The advan
Re: (Score:3)
And the author whose fine work you're enjoying is remunerated how?
Re: (Score:2, Insightful)
Re: (Score:2)
Don't get me wrong, I applaud both your logic and your integrity... the only fly in the ointment is the cheesy lot that think something for nothing is a gawd given right. You can only have beautiful things by investing in them. It is a wise man who knows upon which side his bread is buttered. You speak of scarcity, if nothing else in this culture is scarce, it would be wisdom.
Re: (Score:2)
I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.
They are quite awake to it. Being awake and aware of the situation, they (the monied interests who make the important decisions) realized long ago that the current broken-ness serves their interests.
It is only the little guys, the nobodies like you and I, who might want to protect ourselves using techniques that never should have been patentable. Everyone else either collects a check or purchases a license for a trivial, infinitesimal portion of their net worth.
Re: (Score:3)
I do not know how much more the world must suffer before the powers that be wake up to the fact that the patent system is hopelessly broken.
In most countries, the political parties able to govern serve the interests of the wealthy. Patents as a tool to defend against challengers are good for them. Nothing can change without more power to the people, which is really not an easy problem to solve. The Referendum d'Initiative Populaire is a solution, but there are not many countries where this exists
What Drives This? (Score:2)
Note, this work cannot address the privacy of information that we overtly share
Why do so many people feel an irresistible urge to disclaim claims that were never made?
It's a form of dumbing things down.
Re: (Score:1)
Re: (Score:2)
The word 'privacy' is quite loaded and is used in a lot of other contexts. The PUA CG is proposed to have a narrow scope so it can efficiently address the privacy of the web browser state. The W3C already has other forums to develop other areas of privacy and they are welcome to it.
The second and third sentences go together. The first has nothing to do with them.
Anyone who reads that summary and comprehended what they read would know that no claim to solve ALL privacy issues of every sort was made. Only a particular subset of a particular nature is being claimed.
If they did not comprehend what they read, the actual writing needs to cater to those who did. Only under these circumstances does the person who did not understand change into the person who does. Dumbing everything
Re: (Score:2)
it and php can require the very things it needs to bring you a good game, just as the evil corporate use tracks the website urls...., there should be a separation somehow.....
The root of the problem is externally-directed people who will buy something because they're told in kiss-your-ass language that it would be a great idea. There is no short-term solution to that, now that it's become so common and well-established. So, this is only a partial solution, but Adblock Plus (with Privacy lists) + NoScript + Redirect Remover + a good /etc/hosts file, maybe also RequestPolicy works quite well. Once you get these things set up, you can more or less forget about them.
It's also
Re: (Score:1)
Translation... (Score:4)
The proposed W3C PUA CG proposes to address the problem with technical solutions at the web browser, such as restricting the back channels available to Javascript, and also by proposing HTML extensions to mitigate lost functionality.
In other words, we are going to break functionality used in just about every website out there, especially SAAS platforms that depend on it for delivering software.
That's okay though, because we are going to replace that functionality with HTML extension. You have tens of thousands of dollars to pump back into software development right?
Sheesh. I get where they are coming from, but man does it suck for people actually trying to develop and deliver complex platforms with web browsers as front ends.
Re: (Score:1)
Those Software as a "Service" platforms can write their own damn clients. Or (heaven forbid) deliver a local executable and quit relying on subscription models and holding their customers' data hostage.
Re:Translation... (Score:4, Interesting)
Ohhh, yeah, sure. It's just that simple. Write a client.
There is a *reason* why a web browser is used:
- Cross platform. Linux, Mac, Windows, embedded whatever.
- No development costs directly associated with the client.
- Upgrades are instantaneous. CTRL-F5 effectively reloads all the software for a site.
- For some use cases it means a significantly cheaper interface to business platforms. No expensive licenses client side, or maintenance costs for a fat client.
- For some use cases, it does not mean SAAS. It could be an internal, proprietary, business platform delivered through a web interface only.
- For some use cases, it could mean greatly enhanced security as you have an internal website that services all interactions with customer data. No direct access to back end data is even possible.
Subscription models make perfect sense in some cases. Your rather simplistic rant about those fees completely ignores the fact that for businesses it often makes financial sense. In order to run your own platform you need to:
- Absorb 100% of the costs of development.
- Absorb 100% of the costs of maintenance, which includes keeping software engineers on staff who designed it.
- Absorb 100% of the costs of operating the platform. Includes servers, bandwidth, software licenses, etc.
I'm sure there are other costs and caveats I am not mentioning too.
I've looked into some very expensive SAAS platforms (30k per month subscription fee). I can tell you it actually made sense. To develop that platform would have taken me a team of developers and minimum 18 months to deliver. I have no doubt that I could have pulled it off, but in the end it would have cost more than the fees and required almost the subscription fee per month just to keep some of the developers on staff to maintain it, and continue to develop features we may need in the future.
Holding customer's data hostage? That only happens if you're an idiot. Have a very well spelled out legal contract, and make nightly incremental backups of your data. Some of the SAAS providers I have worked with set up an rsync of our data to our own servers. We back that up incrementally as well.
So where is the data being held hostage? It's not. What you are held hostage to is the platform. That is going to be true whether the platform exists some place else, or is a local executable on a local server in your company. That you are not always going to be able to get around very quickly. Switching business platforms is not something one just does for the heck of it.
Things shift around of course, but right now local clients that connect to business platforms are going the way of the dinosaur. Honestly, why even do it at all? Does not a standardized client that runs across multiple platforms not make sense to you at all? It happens to be a web browser right now, and in a more limited fashion Java, but it makes perfect sense to have one. Perhaps that is why SAAS has been taking off so fast. You know... the benefits to the end users.
Student, hobbyist, or micro-ISV developers (Score:2)
SAAS folks can then, as the GP suggested, write their own damn (extensible, multi-purpose, cross-platform) clients; and don't call them web browsers.
Under your plan, every student, hobbyist, or micro-ISV who wants to write what used to be called a web application has to pay an extra hundreds of dollars per year to get the client for the former web application into the iOS App Store, Windows Store, and Amazon Appstore, and the application becomes entirely unavailable to users of a platform with a web browser but no program for student, hobbyist, or micro-ISV developers, such as Wii, 3DS, PS3, and PS Vita.
Expense of becoming a licensed developer (Score:2)
Re: (Score:2)
Uhhh, the cost of testing your software in 5 different browsers is quite a bit less than the cost of developing a Linux, Mac, and PC client. That's if you want just them. Add the cost for an Android app, Apple app, Blackberry app, and Windows Phone app if you want to support mobile.
Those costs that you mention are peanuts compared to that.
Re: (Score:2)
From the summary, which is essentially the article too by the way, it seems they were going to restrict or eliminate the javascript abilities to interact with the server.
They mention HTML extensions, but give no real information on them, or why they will be inherently more secure and leak proof.
I'm all for users having robust mechanisms for control. That's not the same as breaking existing functionality though.
Re: (Score:1)
Re: (Score:2)
Oh come on.
Instead of taking advantage of ubiquitous web browsers that allow cheap development you want us to absorb the costs of developing:
- A Windows client
- A Linux client
- A Mac client
- An Android client
- A Blackberry client
- An iPhone client
- A Windows phone client
Why? Just so we can lord it over others that we can write native compiled to ASM code and support that many different clients....
Ohhh, and then try to compete in the market passing off those costs of development and support of that many di
Re: (Score:1)
If it breaks functionality then the website was badly coded. No website should require JavaScript. It should degrade gracefully.
Re: (Score:2)
Seriously?
You're trying to tell me you can develop a SAAS platform without Javascript? Don't tell me something ridiculous like use Flash instead either, or write one big massive Java applet.
It's impossible. You can't have a HTML only website do anything remotely like a Javascript website. Sure, you might be able to cause the page to continuously reload to have a real time updated chart for call volume on a call center, but it will look clunky and crappy doing it.
That's what it really comes down to. We c
Re: (Score:1)
Not all web applications need real-time updates. If one does and JavaScript is disabled, it should still be possible to reload the page to get recent data. That's graceful degradation. JavaScript is meant to be a convenience, not the sole way to do something.
I have actually developed a web application for a company and I made sure that everything still worked without JavaScript. It works very well.
Just undo the browser mistakes (Score:5, Insightful)
Browsers had a lot of bad things done in them over the years. These should just be removed. Start with the Referer (regardless of spelling) field. If the domain is different, don't transmit it. Of course this only scratches the surface. When the user visits another domain, launch a whole new browser in a separate process. Also, do not expose data to a page's client side code about things like navigation to other pages when they are done in different tabs or windows. And when returning the view back to a previously viewed page, just view the previous contents ... do NOT reload the page. The only time a page should be reloaded is when the user navigates to it via a link, or presses reload, or the client code for that page requests reloading only itself or a page in the same directory.
Yeah, they can break a lot of functionality that dumb web developers came to depend on. But these are things that never should have been there to begin with.
Expired document (Score:2)
How to express these without User-agent: header? (Score:2)
the concept of a user-agent string should never have existed in the first place.
Instead of the User-agent: HTTP header, what way would you have recommended to communicate these to the server?
Outside Interest (Score:1)
...because the solutions are patented." (Score:4, Insightful)
Admitting my primitive understanding of this subject, I have some questions: Is sandboxing undervalued? Is sending all cache to unique directories that can only be read by the source they were created for practical? Would generating random or shared generic user-agent data for each domain for each encounter have any effect? I have taken simple privacy measures like chmod 400 ~/.macromedia and ~/.adobe; installing noscript, flashblock; bloating
I remember trying the EFF's panopticlick [eff.org], which tests your browser for its unique fingerprint. I was a little surprised at the results. What does something like the time-stamp mean for anonymity? How many people in the world have identical installation times and zip-codes, etc.? Why does this and other data need to be there as it is?
I get confused when contemplating why such promiscuous features are included in browsers in the first place. Are we simply using stupid browsers? Would creating a secure browser break its functionality? I know noscript can be a pain in the ass. What really confuses me is why a browser would store persistent cookies and other data -- after being deleted -- unless it was built to do so. If so, then why? If not, then why? When I start a browser from a fresh install or USB, it works just fine. If I reboot and do it again, it continues to work fine. Why the persistent data?
Finally, it should be alarming in itself that so much knowledge is required now to have even a measure of privacy. Those who understand, often take their knowledge for granted. But even for someone practically living and working in the web, it is not an overly simple subject. Is privacy an esoteric delusion, or is it an esoteric reality?
Re: (Score:1)
I am afraid privacy has always been a delusion. First however one must realize that while privacy is an interesting notion as long as humanity has been a structure of highly ordered and inter-networked collaboratives privacy has been a farce. From the town gossip of yore to the dealings of the FBI on the phone today, society has always had a penchant for encroaching on the privacy of others. With modern technology and data harvesting we can expect more erosions of in the future. We do live in scary times, b
Re: (Score:2)
If I can't track your interactions with the site.. (Score:2)
Cap (Score:2)
You send me the entire page
Even the pages that the user doesn't appear to want to view? That'll eat into the user's 5 GB/mo cap quickly.
Re: (Score:1)
There is no need to specify the browser. (Score:4, Insightful)
The browser string helps to identify if the browser can perform certain functions. So send a string that specifies "server-visible capabilities" (ie: what the user wants the server to know about the capabilities of the browser) instead. Then no browser, OS or other potential privacy loopholes exist.
But what if you don't want the server to know anything? That's the point about sending a capabilities string. If you don't want to specify, there's no need to. Having said that, setting a bit that indicates "HTML 4.01-compliant" is not revealing anything terribly informative to anyone, since that's going to be true of 99% of user agents at this point. Which means you're not part of the 1%, but that's about it.
HTML 5 is the only awkweird one, as you'd have to have a bit for some generally-agreed group of functions, since there's no fixed standard. (IIRC, that's going to switch to having a "rolling development branch" and fixed "stable snapshots", but for now there's no stable spec you can identify with a simple flag.)
True, some browsers implement subsets (and/or extensions to) approved standards, but frankly the headache for developers is to support those kinds of freaks. A fixed list of supported standards you can switch between is really what you want. Special cases for every browser make for something that is unmaintainable, as anyone who has developed a web app can tell you. Freak cases really should be reduced to "nearest available standard" where at all possible.
This satisfies all the requirements of the server, for behaving correctly on multiple browsers, without giving anything away that could be misused.
Furthermore, since I'm saying the capabilities string is a bunch of flags, you can specify masks per site or site grouping if you want to conceal some information from some servers. (This makes user tracking via the agent impossible, since the agent can now vary and there's fine-grained control over how it varies.) Not a million miles from how security is handled in every other case.
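The flag-and-mask scheme proposed in the comment above, sketched as an added example (it is not part of the original post and no browser implements it). The flag names, bit layout, hex encoding and host names are all assumptions made for illustration.

```javascript
// Added illustration of the "capabilities string" idea from the comment above.
// Flag names, bit positions, host names and the hex wire format are all
// hypothetical; no browser or standard defines them.
const CAPS = Object.freeze({
  HTML401:        1 << 0,
  CSS21:          1 << 1,
  ES5:            1 << 2,
  SVG11:          1 << 3,
  HTML5_SNAPSHOT: 1 << 4, // stands in for an agreed "stable snapshot" group
});
const ALL = Object.values(CAPS).reduce((a, b) => a | b, 0);

// What this (constructed) user agent actually supports.
const SUPPORTED = CAPS.HTML401 | CAPS.CSS21 | CAPS.ES5 | CAPS.SVG11;

// User policy: one mask per site or site grouping. A key matches the host
// itself and its subdomains; "*" is the default for everything else.
const POLICY = new Map([
  ["*", CAPS.HTML401],                          // strangers see the near-universal bit only
  ["intranet.example", ALL],                    // trusted grouping: reveal everything
  ["ads.example", 0],                           // reveal nothing
  ["app.ads.example", CAPS.HTML401 | CAPS.ES5], // more specific entry wins
]);

// Pick the most specific policy entry. Matching is on whole DNS labels, so
// "notintranet.example" does not inherit the mask of "intranet.example".
function maskFor(host, policy = POLICY) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (policy.has(suffix)) return policy.get(suffix);
  }
  return policy.has("*") ? policy.get("*") : 0; // no default entry: reveal nothing
}

// Client side: the value sent to `host` is supported AND allowed, never more.
function advertise(host, supported = SUPPORTED, policy = POLICY) {
  const bits = supported & maskFor(host, policy) & ALL;
  return bits === 0 ? null : bits.toString(16); // null means: omit the header
}

// Server side: decode into flag names, ignoring unknown bits and bad input.
function decode(value) {
  if (typeof value !== "string" || !/^[0-9a-f]{1,8}$/.test(value)) return [];
  const bits = parseInt(value, 16);
  return Object.keys(CAPS).filter((name) => (bits & CAPS[name]) !== 0);
}

// What four constructed hosts would learn about the same browser.
for (const host of ["wiki.intranet.example", "cdn.ads.example",
                    "app.ads.example", "notintranet.example"]) {
  const sent = advertise(host);
  console.log(host, "->", sent, decode(sent));
}
```

Each site still receives a stable value of its own, so the mask limits what a server can learn from the string rather than hiding the visitor from a site that sees the same value on every request.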
The extra round trip adds latency (Score:2)
Browser detection is bad. Websites should use only web standards or experimental features proposed for a standard (most of HTML5).
So other than through browser detection, how is a web site supposed to know which "web standards" and which "experimental features proposed for a standard" a particular user agent supports?
The capabilities of a client should never be determined by some HTTP header field, they should be determined by media queries
Sending the stylesheets for a couple dozen combinations of media queries just to have the user agent select one of them and discard all the rest costs bandwidth. So does sending mark-up that will be hidden with display: none in a particular media query's stylesheet. Besides, the preferred viewport width in WebKit still is
Re: (Score:1)
Privacy hysteria (Score:1)
This new fixation on privacy becomes absurd. I hope that the commenters are not a representative subset of the population, even here on Slashdot. Do you recognize that complete privacy on the Internet means complete anarchy?
Do you recognize how little privacy you have when you step out of your home? You become uniquely identifiable immediately.
In a small town everybody will know me by my face. Oh my god, how can we live in such a rude world? I should put a sack on my head. But no, my shoes identify me to
Re: (Score:1)
Re: (Score:1)
I work for a site with about 1 million monthly visitors. I know from experience that 1-3% of the visitors are notorious troublemakers and they do ruin the online life of the other 99% if they are not controlled. This is a continuous fight, they put huge efforts into evading our rules and we also spend huge effort into stopping them. For example we know about a user who spent about 2 months working on a software tool. I am not talking about hacking, that is another front. And this is a mostly free service, n
Re: (Score:1)
Hyperbole much? In real life there aren't tons of ad agencies tracking your every movement. Your comparison is ridiculous.
Re: (Score:1)