
How to ensure privacy in the age of HTML5

Chris Minnick and Ed Tittel | June 26, 2013
New APIs in the forthcoming HTML5 make it much easier for Web applications to access software and hardware, especially on mobile devices. The W3C is taking privacy seriously as it puts the finishing touches on HTML5, but there are still some important things to consider.

HTML5, the latest version of the language of the Web, was designed with Web applications in mind. It contains a slew of new application programming interfaces (APIs) designed to allow the Web developer to access device hardware and software using JavaScript.

Some of the more exciting HTML5 specifications include the following:

Read this list and you could conclude that HTML5 is being designed specifically for hackers and identity thieves. The reality, however, is that the authors of HTML5 take privacy very seriously.

Concerns over HTML5 weakening privacy protections were most famously and visibly expressed in a front-page New York Times article back on Oct. 10, 2010. "New Web Code Draws Concern Over Privacy Risks" talks mostly about the additional tracking capabilities enabled by new HTML5 browser storage capabilities. Samy Kamkar's Evercookie application is singled out as a particularly sinister example. Evercookie is a JavaScript app that writes tracking data to numerous places in a user's browser, making the data difficult to remove through normal means. Even worse, Evercookie will recreate all cookies if it discovers that they've been removed.

Kamkar created Evercookie to demonstrate the ease with which new storage mechanisms could be exploited by marketers to track users. Marketers paid attention and quickly adopted Evercookie to track users.

Scared yet? You should be.

But HTML5 isn't the problem. In fact, HTML5 is part of the solution.

HTML5 Improves Web Security, Eliminates Need for Plug-ins
The current state of the Web, even leaving HTML5 completely out of it, includes tracking cookies, Flash cookies and hacked Web sites distributing malware. Moreover, 6.3 percent of Web surfers worldwide (many of them in China) still use the notably insecure Microsoft Internet Explorer 6.

HTML5 aims to make the Web more secure, in part, by eliminating the need for browser plug-ins. This is a great start. Two of the most commonly installed browser plug-ins, Java and Flash, are also the two biggest security holes in any Web browser.

Simply by being installed, plug-ins make the browser less secure. Not only that, but plug-ins are generally written for multiple operating systems; a vulnerability in a plug-in such as Java or Flash is a vulnerability in Windows, MacOS and Linux. Another wrinkle is that a large percentage of installed plug-ins don't have the latest security patches. Overall, plug-ins represent a major problem.

 
