Some of the more exciting HTML5 specifications include the following:
- Geolocation API lets the browser know where you are
- Media Capture API lets the browser access your camera and microphone
- File API lets the browser access your file system
- Web Storage API lets Web applications store large amounts of data on your computer
- DeviceOrientation Event Specification lets Web apps know when your device changes from portrait to landscape
- Messaging API gives the browser access to a mobile device's messaging systems
- Contacts Manager API allows access to the contacts stored in a user's contacts database
Read this list and you could conclude that HTML5 is being designed specifically for hackers and identity thieves. The reality, however, is that the authors of HTML5 take privacy very seriously.
Kamkar created Evercookie to demonstrate the ease with which new storage mechanisms could be exploited by marketers to track users. Marketers paid attention and quickly adopted Evercookie to track users.
Scared yet? You should be.
But HTML5 isn't the problem. In fact, HTML5 is part of the solution.
HTML5 Improves Web Security, Eliminates Need for Plug-ins
The current state of the Web, even leaving HTML5 completely out of it, includes tracking cookies, Flash cookies and hacked Web sites distributing malware. Moreover, 6.3 percent of Web surfers worldwide (many of them in China) still use the notably insecure Microsoft Internet Explorer 6.
HTML5 aims to make the Web more secure, in part, by eliminating the need for browser plug-ins. This is a great start. Two of the most commonly installed browser plug-ins, Java and Flash, are also the two biggest security holes in any Web browser.
Simply by being installed, plug-ins make the browser less secure. Not only that, but plug-ins are generally written for multiple operating systems; a vulnerability in a plug-in such as Java or Flash is a vulnerability in Windows, MacOS and Linux. Another wrinkle is that a large percentage of installed plug-ins don't have the latest security patches. Overall, plug-ins represent a major problem.