How to Ensure Privacy in the Age of HTML5

New APIs in the forthcoming HTML5 make it much easier for Web applications to access software and hardware, especially on mobile devices. The W3C is taking privacy seriously as it puts the finishing touches on HTML5, but there are still some important things to consider.

By Chris Minnick and Ed Tittel
Tue, June 25, 2013

CIO — HTML5, the latest version of the language of the Web, was designed with Web applications in mind. It contains a slew of new application programming interfaces (APIs) designed to allow the Web developer to access device hardware and software using JavaScript.

Some of the more exciting HTML5 specifications include the following:

Read this list and you could conclude that HTML5 is being designed specifically for hackers and identity thieves. The reality, however, is that that the authors of HTML5 take privacy very seriously.

Concerns over HTML5 weakening privacy protections were most famously and visibly expressed on a front-page New York Times article back on Oct. 10, 2010. New Web Code Draws Concern Over Privacy Risks talks mostly about the additional tracking capabilities enabled by new HTML5 browser storage capabilities. In particular, Samy Kamkar's Evercookie application is singled out as a particularly sinister example. Evercookie is a JavaScript app that writes tracking data to numerous places in a user's browser, making the data difficult to remove through normal means. Even worse, Evercookie will recreate all cookies if it discovers that they've been removed.

Kamkar created Evercookie to demonstrate the ease with which new storage mechanisms could be exploited by marketers to track users. Marketers paid attention and quickly adopted Evercookie to track users.

Scared yet? You should be.

But HTML5 isn't the problem. In fact, HTML5 is part of the solution.

Continue Reading

Our Commenting Policies