HTML5, a threat to privacy

The governing body of the web, World Wide Web Consortium, is to hold a special two day conference to discuss issues of privacy and security with the development of HTML5.

The conference is another in a series that have been held this year, has been called due to fresh fears for user privacy presented by the next version of the web coding language HTML.

Security firms are concerned that as the ‘cookie’ tracking technologies used in the new version of HTML can store user data for longer periods of time than possible before they will allow hackers greater access to personal information.

HTML5 allows website owners to create custom cookies on visitor’s machines that can store vast amount of a user’s browsing history.

Unlike previous cookies, which have limited uses and often expire after a short period of time, these HTML5 cookies can be stored on user’s machines for months, during which time they can collect more data about individual visitors. HTML 5 cookies are also capable of storing images, videos, video, text and location data.

Security firms and W3C are concerned that hackers will be able to access this personal information potentially giving them access to email and social networking data.

Concerns for users’ privacy are not just academic, in a test of the vulnerability of HTML 5 Samy Kamkar, a Californian programmer (@samykamkar), created a HTML5 cookie capable of tracking a user’s online activities. Called ‘evercookie’ Kamkar cookie can be downloaded without the users knowledge and, according to security experts is “not easily deleted.” His website is here http://samy.pl/ if you are brave enough to visit it.

While Kamkar’s cookie was developed to prove that such security holes exist there are fears that it could be used for more malicious reasons. He has made his code available to the public.