HTML5: blessing or curse?

Code junkies hangout here

Moderators: ChrisThornett, LXF moderators

HTML5: blessing or curse?

Postby Dutch_Master » Sat Oct 16, 2010 12:25 am

I know there is a recent thread about HTML5, but it doesn't address this issue: Earlier this week the NY Times ran an story about HTML5 and its effect on users privacy.

NYTimes wrote:The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user’s hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data. That could include a user’s location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited.

Full story

If you've read the article you've seen that marketeers already have at least 10 known locations to store their "code injections", making it increasingly difficult to get rid of any and all. What's more of a concern, the same technology can, no: will be abused by scammers to eavesdrop on unsuspecting surfers, targeting their sensitive data like bank accounts and creditcard stuff... I predict the first such scam to happen within a fortnight of a major (financial) website switching to HTML5 (Google, banks, etc) and maybe not even that long...

This is something the browser makers should be very wary of, their reputation is on the block here... And the axe will fall as soon as a fault (exploit) is found: it'll be the end of that browser. Except for IE of course :roll: :evil:
Dutch_Master
LXF regular
 
Posts: 2471
Joined: Tue Mar 27, 2007 1:49 am

Postby johnhudson » Sat Oct 16, 2010 8:16 am

But as this is out in the open one would assume that the risk is primarily to closed source browsers. Can't see the FOSS community allowing this to go on for long.
johnhudson
LXF regular
 
Posts: 884
Joined: Wed Aug 03, 2005 1:37 pm

Postby Dutch_Master » Sun Oct 17, 2010 2:58 am

The FOSS community can't afford to let it happen in the first place... Remember, the likes of M$ and Apple will closely follow the way FOSS browsers will handle this and if even just one fails the marketing guys will have it in the papers for weeks, implying FOSS as a whole, not just the one failing browser. FUD, remember.... :evil:
Dutch_Master
LXF regular
 
Posts: 2471
Joined: Tue Mar 27, 2007 1:49 am

Postby ollie » Sun Oct 17, 2010 10:01 am

As long as you can locate the stored information, it can be deleted. The tools just need to be developed and built into the browsers to delete data from all possible storage locations. Just another new way of tracking potential customers.
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby Dutch_Master » Sun Oct 17, 2010 12:39 pm

Known locations isn't the problem Ollie. But it appears cookie-writers have complete control over where the browser will/must store their cookie, and that may be somewhere where their code can be executed to harvest data and "call home", i.e. a trojan. IMO it's the browsers job to not only keep track of any and all locations but also prevent these cookies to be stored outside the known and therefore monitored locations. Cookies can be written with executable code in it, so the browser should be aware of the concept of "executable cookies" and eliminate these, better: refuse them while warning the user for action to be taken.
Dutch_Master
LXF regular
 
Posts: 2471
Joined: Tue Mar 27, 2007 1:49 am


Return to Programming

Who is online

Users browsing this forum: Yahoo [Bot] and 0 guests

cron