New web privacy system makes surfing the web safer

Web surfing isn't necessarily the safest of activities, and often, we find our personal data compromised. Bugs and malicious code find their ways into even the most trusted websites.

So how can we protect ourselves? A group of researchers from University College London, Stanford Engineering, Google, Chalmers and Mozilla Research created a new system that protects users' privacy, but still allows web developers a broad range of flexibility to create apps that work with different websites.

Bugs and malicious code are common with JavaScript. And most of the top websites use some form of JavaScript, including code written by third parties. Sometimes these third parties have malicious intent and without a website owner knowing it, the JavaScript can often steal data from users' current browser tab, as well as other open tabs.

It's a common problem and there hasn't been a really good fix for it, at least not one that also benefits web developers. The current system, Same Origin Policy, or SOP, prevents JavaScript from accessing information from other websites you visit, but it does it in a way that prevents web developers from being able to use that information to make your visit to their website more functional.

For example, say you have a web app that lets you compare what you paid for products on Amazon to what other retailers charge for those products. To do this, the app needs information not just from Amazon, but also your bank statement. The web developer's code needs to pull in data from both, but SOP blocks this. There's a way to code around this, but it prompts the user to login to both sites, which means the app's owner now has access to all the information available on both sites, rather than just the information needed.

This is where the new code, Confinement with Origin Web Labels (COWL) comes in.

"COWL confines JavaScript programs that run within the browser, such as in separate tabs," says study co-author Brad Karp. If a JavaScript program embedded within one website reads information provided by another web site— legitimately or otherwise — COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorised parties."

This allows a web app access to necessary data, but prevents you from having to login to those other websites, keeping personal data private.

Researchers tested COWL with four applications: an encrypted document editor, a third-party application, a password manager and a website that deliberately uses untrusted third-party JavaScript code. Each test of the system protected the user's privacy.

COWL is available for download on October 15.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics