[LINK] Why Steve Jobs Insists on HTML5

Roger Clarke Roger.Clarke at xamax.com.au
Tue Oct 12 07:16:25 AEDT 2010 

New Web Code Draws Concern Over Privacy Risks
By TANZINA VEGA
Published: October 10, 2010
http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1

Worries over Internet privacy have spurred lawsuits, conspiracy 
theories and consumer anxiety as marketers and others invent new ways 
to track computer users on the Internet. But the alarmists have not 
seen anything yet.

In the next few years, a powerful new suite of capabilities will 
become available to Web developers that could give marketers and 
advertisers access to many more details about computer users' online 
activities. Nearly everyone who uses the Internet will face the 
privacy risks that come with those capabilities, which are an 
integral part of the Web language that will soon power the Internet: 
HTML 5.

The new Web code, the fifth version of Hypertext Markup Language used 
to create Web pages, is already in limited use, and it promises to 
usher in a new era of Internet browsing within the next few years. It 
will make it easier for users to view multimedia content without 
downloading extra software; check e-mail offline; or find a favorite 
restaurant or shop on a smartphone.

Most users will clearly welcome the additional features that come 
with the new Web language.

"It's going to change everything about the Internet and the way we 
use it today," said James Cox, 27, a freelance consultant and 
software developer at Smokeclouds, a New York City start-up company. 
"It's not just HTML 5. It's the new Web."

But others, while also enthusiastic about the changes, are more cautious.

Most Web users are familiar with so-called cookies, which make it 
possible, for example, to log on to Web sites without having to 
retype user names and passwords, or to keep track of items placed in 
virtual shopping carts before they are bought.

The new Web language and its additional features present more 
tracking opportunities because the technology uses a process in which 
large amounts of data can be collected and stored on the user's hard 
drive while online. Because of that process, advertisers and others 
could, experts say, see weeks or even months of personal data. That 
could include a user's location, time zone, photographs, text from 
blogs, shopping cart contents, e-mails and a history of the Web pages 
visited.

The new Web language "gives trackers one more bucket to put tracking 
information into," said Hakon Wium Lie, the chief technology officer 
at Opera, a browser company.

Or as Pam Dixon, the executive director of the World Privacy Forum in 
California, said: "HTML 5 opens Pandora's box of tracking in the 
Internet."

Representatives from the World Wide Web Consortium say they are 
taking questions about user privacy very seriously. The organization, 
which oversees the specifications developers turn to for the new Web 
language, will hold a two-day workshop on Internet technologies and 
privacy:
http://www.iab.org/about/workshops/privacy/

[What a travesty - design a surveillance technology first, then hold 
a conference to discuss what you might have done instead.]

Ian Jacobs, head of communications at the consortium, said the 
development process for the new Web language would include a public 
review. "There is accountability," he said. "This is not a secret 
cabal for global adoption of these core standards."

The additional capabilities provided by the new Web language are 
already being put to use by a California programmer who has created 
what, at first glance, could be a major new threat to online privacy.

Samy Kamkar, a California programmer best known in some circles for 
creating a virus called the "Samy Worm," which took down MySpace.com 
in 2005, has created a cookie that is not easily deleted, even by 
experts - something he calls an Evercookie.

Some observers call it a "supercookie" because it stores information 
in at least 10 places on a computer, far more than usually found. It 
combines traditional tracking tools with new features that come with 
the new Web language.

In creating the cookie, Mr. Kamkar has drawn comments from bloggers 
across the Internet whose descriptions of it range from "extremely 
persistent" to "horrific."

Mr. Kamkar, however, said he did not create it to violate anyone's 
privacy. He said was curious about how advertisers tracked him on the 
Internet. After cataloging what he found on his computer, he made the 
Evercookie to demonstrate just how thoroughly people's computers 
could be infiltrated by the latest Internet technology.

"I think it's O.K. for them to say we want to provide better 
service," Mr. Kamkar said of advertisers who placed tracking cookies 
on his computer. "However, I should also be able to opt out because 
it is my computer."

Mr. Kamkar, whose 2005 virus circumvented browser safeguards and 
added more than a million "friends" to his MySpace page in less than 
20 hours, said he had no plans to profit from the Evercookie and did 
not intend to sell it to advertisers.

"That wouldn't have been difficult," he said. Instead, he has made 
the code open to anyone who wants to examine it and says the cookie 
should be used "as a litmus test for preventing tracking."

A recent spate of class-action lawsuits have accused large media 
companies like the Fox Entertainment Group and NBC Universal, and 
technology companies like Clearspring Technologies and Quantcast, of 
violating users' privacy by tracking their online activities even 
after they took steps to prevent that.

Most people control their online privacy by adjusting settings in 
today's most common Web browsers, which include Internet Explorer by 
Microsoft, Firefox by Mozilla, Safari by Apple and Opera, which is 
used mostly in Europe and Asia and on mobile devices.

Each browser has different privacy settings, but not all of them have 
obvious settings for removing data created by the new Web language. 
Even the most proficient software engineers and developers 
acknowledge that deleting that data is tricky and may require 
multiple steps.

"Now there are so many sources of data storage, it's very hard for 
browser manufacturers to handle that," Mr. Cox said.

Mr. Kamkar and privacy experts say that makers of Web browsers should 
agree on one control for eliminating all tracking capabilities at 
once. "There should be simple enough controls to take care of every 
single thing," said Ms. Dixon, who added that some browsers 
automatically collected large amounts of data unless a user told them 
not to.

Mr. Lie acknowledged that such companies "do have a lot of power." 
But he said they worry that the privacy settings they develop could 
be too strict. For example, he said Opera once tried to put more 
controls on certain types of cookies, but users in Russia complained 
that the controls prevented a popular social networking site from 
working properly.

But software developers and the representatives of the World Wide Web 
argue that as technology advances, consumers have to balance its 
speed and features against their ability to control their privacy.

"You can do more, but you need to be aware of how your information 
might be used or misused," Mr. Jacobs said. "It's the human 
questions."


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list