How to ensure privacy in the age of HTML5
Feb 08, 2014, by admin
HTML5, the latest version of the language of the Web, was designed with Web applications in mind. It contains a slew of new application programming interfaces (APIs) designed to allow the Web developer to access device hardware and software using JavaScript.
Some of the more exciting HTML5 specifications include the following:
- Geolocation API lets the browser know where you are
- Media Capture API lets the browser access your camera and microphone
- File API lets the browser access your file system
- Web Storage API lets Web applications store large amounts of data on your computer
- DeviceOrientation Event Specification lets Web apps know when your device changes from portrait to landscape
- Messaging API gives the browser access to a mobile device’s messaging systems
- Contacts Manager API allows access to the contacts stored in a user’s contacts database
Concerns over HTML5 weakening privacy protections were most famously and visibly expressed on a front-page New York Times article back on Oct. 10, 2010. New Web Code Draws Concern Over Privacy Risks talks mostly about the additional tracking capabilities enabled by new HTML5 browser storage capabilities. In particular, Samy Kamkar’s Evercookie application is singled out as a particularly sinister example. Evercookie is a JavaScript app that writes tracking data to numerous places in a user’s browser, making the data difficult to remove through normal means. Even worse, Evercookie will recreate all cookies if it discovers that they’ve been removed.
