Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

HTML5: blessing or curse?

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Programming
View previous topic :: View next topic  
Author Message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2435

PostPosted: Sat Oct 16, 2010 1:25 am    Post subject: HTML5: blessing or curse? Reply with quote

I know there is a recent thread about HTML5, but it doesn't address this issue: Earlier this week the NY Times ran an story about HTML5 and its effect on users privacy.

NYTimes wrote:
The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the userís hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data. That could include a userís location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited.

Full story

If you've read the article you've seen that marketeers already have at least 10 known locations to store their "code injections", making it increasingly difficult to get rid of any and all. What's more of a concern, the same technology can, no: will be abused by scammers to eavesdrop on unsuspecting surfers, targeting their sensitive data like bank accounts and creditcard stuff... I predict the first such scam to happen within a fortnight of a major (financial) website switching to HTML5 (Google, banks, etc) and maybe not even that long...

This is something the browser makers should be very wary of, their reputation is on the block here... And the axe will fall as soon as a fault (exploit) is found: it'll be the end of that browser. Except for IE of course Rolling Eyes Evil or Very Mad
Back to top
View user's profile Send private message
johnhudson
LXF regular


Joined: Wed Aug 03, 2005 2:37 pm
Posts: 871

PostPosted: Sat Oct 16, 2010 9:16 am    Post subject: Reply with quote

But as this is out in the open one would assume that the risk is primarily to closed source browsers. Can't see the FOSS community allowing this to go on for long.
Back to top
View user's profile Send private message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2435

PostPosted: Sun Oct 17, 2010 3:58 am    Post subject: Reply with quote

The FOSS community can't afford to let it happen in the first place... Remember, the likes of M$ and Apple will closely follow the way FOSS browsers will handle this and if even just one fails the marketing guys will have it in the papers for weeks, implying FOSS as a whole, not just the one failing browser. FUD, remember.... Evil or Very Mad
Back to top
View user's profile Send private message
ollie
Moderator


Joined: Mon Jul 25, 2005 12:26 pm
Posts: 2749
Location: Bathurst NSW Australia

PostPosted: Sun Oct 17, 2010 11:01 am    Post subject: Reply with quote

As long as you can locate the stored information, it can be deleted. The tools just need to be developed and built into the browsers to delete data from all possible storage locations. Just another new way of tracking potential customers.
Back to top
View user's profile Send private message
Dutch_Master
LXF regular


Joined: Tue Mar 27, 2007 2:49 am
Posts: 2435

PostPosted: Sun Oct 17, 2010 1:39 pm    Post subject: Reply with quote

Known locations isn't the problem Ollie. But it appears cookie-writers have complete control over where the browser will/must store their cookie, and that may be somewhere where their code can be executed to harvest data and "call home", i.e. a trojan. IMO it's the browsers job to not only keep track of any and all locations but also prevent these cookies to be stored outside the known and therefore monitored locations. Cookies can be written with executable code in it, so the browser should be aware of the concept of "executable cookies" and eliminate these, better: refuse them while warning the user for action to be taken.
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast