How to Ensure Privacy in the Age of HTML5
New APIs in the forthcoming HTML5 make it much easier for Web applications to access software and hardware, especially on mobile devices. The W3C is taking privacy seriously as it puts the finishing touches on HTML5, but there are still some important things to consider.
Tue, June 25, 2013
Some of the more exciting HTML5 specifications include the following:
- Geolocation API lets the browser know where you are
- Media Capture API lets the browser access your camera and microphone
- File API lets the browser access your file system
- Web Storage API lets Web applications store large amounts of data on your computer
- DeviceOrientation Event Specification lets Web apps know when your device changes from portrait to landscape
- Messaging API gives the browser access to a mobile device's messaging systems
- Contacts Manager API allows access to the contacts stored in a user's contacts database
Read this list and you could conclude that HTML5 is being designed specifically for hackers and identity thieves. The reality, however, is that that the authors of HTML5 take privacy very seriously.
Kamkar created Evercookie to demonstrate the ease with which new storage mechanisms could be exploited by marketers to track users. Marketers paid attention and quickly adopted Evercookie to track users.
Scared yet? You should be.
But HTML5 isn't the problem. In fact, HTML5 is part of the solution.