Scientists from UCL, Stanford Engineering, Google, Chalmers and Mozilla Research have built a new system that protects Internet users’ privacy whilst increasing the flexibility for web developers to build web applications that combine data from different web sites, dramatically improving the safety of surfing the web.
The system, ‘Confinement with Origin Web Labels,’ or COWL, works with Mozilla’s Firefox and the open-source version of Google’s Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, whilst allowing code in a web site to display content drawn from multiple web sites – an essential function for modern, feature-rich web applications.
Testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages. Following its announcement today, COWL will be freely available for download and use on October 15 from http://cowl.ws. The team who developed it, including two PhD students from Stanford (working in collaboration with Mozilla Research) and a recently graduated PhD from UCL (now employed by Google), hope COWL will be widely adopted by web developers.
Currently, web users’ privacy can be compromised by malicious JavaScript code hidden in seemingly legitimate web sites. The web site’s operator may have incorporated code obtained elsewhere into his or her web site without realising that the code contains bugs or is malicious. Such code can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user’s knowledge.
The research team describe COWL in a paper published in the Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation.
Co-author Professor Brad Karp (UCL Computer Science) said: “COWL achieves both privacy for the user and flexibility for the web application developer. Achieving both these aims, which are often in opposition in many system designs, is one of the central challenges in computer systems security research.
“The new system provides a property known as ‘confinement’ which has been known since the 1970s, but proven difficult to achieve in practical systems like web browsers. COWL confines JavaScript programs that run within the browser, such as in separate tabs. If a JavaScript program embedded within one web site reads information provided by another web site – legitimately or otherwise – COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorised parties. As a result, the site that shares data maintains control over it, even after sharing the information within the browser.”
The Latest on: Web privacy system
[google_news title=”” keyword=”web privacy system” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Web privacy system
- Online Voting Terms and Conditions / Privacy Noticeon April 26, 2024 at 7:42 am
Where the vote result has a consequence the BBC will endeavour to meet it but editorial requirements may lead to a change in schedule or a change in programme content. However, the vote result stands.
- DOJ Arrests Bitcoin Wallet Founders Amid Cash-Like Privacy Concernson April 26, 2024 at 5:30 am
Advocates for regulation argue that cryptocurrencies could become safe havens for criminals without rules. They cite cases like Silk Road, where bitcoin was used for illegal goods transactions. By ...
- Google to Fix Privacy Issues on Android TVson April 26, 2024 at 1:35 am
Google has started updating Android TV software to prevent a privacy issue that could let people access the owner's emails. Android TV’s, which come with the Android operating system, usually keep the ...
- Nebraska’s New Data Privacy Law Doesn’t Trend New Ground, With One Exceptionon April 25, 2024 at 6:30 pm
Nebraska became the fourth state this year, and the sixteenth overall to pass a data privacy statute. Besides one key difference, the law follows familiar language.
- Google is updating Android TVs to fix a big Gmail privacy problemon April 25, 2024 at 2:39 pm
Google is working on a fix to block crafty individuals from gaining access to the emails of accounts logged in to some Android TV units. The Android TV operating system, which is preloaded on many ...
- Can We Balance Security And Privacy? Thoughts 10 Years After Snowdenon April 24, 2024 at 4:00 am
If we submit to general mass surveillance out of false fears of terrorists, we give up not just our privacy but also our freedom.
- This is how Android 15 could beef up privacyon April 23, 2024 at 11:53 pm
When Android 15 comes around, we expect it to be better in each and every way compared to Android 14. A several billion users' mobile operating system could introduce enhanced privacy, according to ...
- 5 web browsers you should use instead of Google Chrome or Edgeon April 23, 2024 at 7:30 am
Sick of Google Chrome and Microsoft Edge and want a new web browser? We’ve got five of the best alternatives that will elevate your browsing experience.
- Google Privacy Sandbox and What Brands Need to Knowon April 23, 2024 at 5:49 am
How Google Privacy Sandbox is a privacy-first alternative, and how it fits into the future of cookieless marketing and advertising.
- DuckDuckGo VPN: A User-Friendly Privacy Boost, but Not for Power Userson April 19, 2024 at 5:15 am
While there are more feature-packed VPNs, it’s hard to complain about the intuitiveness and value of DuckDuckGo’s no-frills virtual private network.
via Bing News