Thu, 23 Sep 2010 14:32:48 GMT
Most modern browsers have an option for "private browsing". A nice feature, and its no secret that it has mainly been introduced for watching pr0n, though I am also using it for online-banking and if I have to use websites like ebay or msn, on which a lot of unwanted cookies are needed.
Well, this functionality mainly has the purpose of increasing the privacy. Since private data evolved to some sort of currency on the internet, there also evolved an arms race between customers and companies about it.
With people not willing to accept that they also have to use software outside their browsers, new "Web Technologies" evolved, which allow to get information about the websites users visited, about their interests, and so on.
I remember some hack that allowed to determine whether a link was already visited, similar to http://didyouwatchporn.com/, but without javascript, i.e. even with NoScript enabled. Unfortunately, I lost the link.
Then there is https://panopticlick.eff.org/, which creates a "browser fingerprint", which can be quite unique, especially when you care about privacy and therefore configure your browser. Using this technique, with a proper database-backend one can supplement a lot of functionality of cookies.
And then today I read about Evercookie (via), which tries to combine all of the "technologies" evolved (plus some additional ones) to really create persistent data. It even seems to use the browser cache for that purpose, caching images.
Well, it is an arms race. I am pretty sure, since this is open source, companies will start to use it - maybe not the same code, but it shouldnt cost too much to rebuild it. In my opinion, the most important thing would be to enlighten the users.
Then, the question is, what can be done on the technical side.
How about some sort of "cookie chroot"? Having more than one private mode at once. Having them persistent. But taking care that links outside that webinterface are opened in another "chroot".
Clearly, this is hard to implement, and the companies will find their way to deal with it, making it harder to rewrite external links - but at least it would be a start.
Well, this functionality mainly has the purpose of increasing the privacy. Since private data evolved to some sort of currency on the internet, there also evolved an arms race between customers and companies about it.
With people not willing to accept that they also have to use software outside their browsers, new "Web Technologies" evolved, which allow to get information about the websites users visited, about their interests, and so on.
I remember some hack that allowed to determine whether a link was already visited, similar to http://didyouwatchporn.com/, but without javascript, i.e. even with NoScript enabled. Unfortunately, I lost the link.
Then there is https://panopticlick.eff.org/, which creates a "browser fingerprint", which can be quite unique, especially when you care about privacy and therefore configure your browser. Using this technique, with a proper database-backend one can supplement a lot of functionality of cookies.
And then today I read about Evercookie (via), which tries to combine all of the "technologies" evolved (plus some additional ones) to really create persistent data. It even seems to use the browser cache for that purpose, caching images.
Well, it is an arms race. I am pretty sure, since this is open source, companies will start to use it - maybe not the same code, but it shouldnt cost too much to rebuild it. In my opinion, the most important thing would be to enlighten the users.
Then, the question is, what can be done on the technical side.
How about some sort of "cookie chroot"? Having more than one private mode at once. Having them persistent. But taking care that links outside that webinterface are opened in another "chroot".
Clearly, this is hard to implement, and the companies will find their way to deal with it, making it harder to rewrite external links - but at least it would be a start.