Technology

New Web presents a tangle of risks

By Tanzina Vega (The New York Times)
Updated: 2010-10-17 12:44
Large Medium Small
New Web presents a tangle of risks

Worries over Internet privacy have spurred lawsuits, conspiracy theories and consumer anxiety as marketers and others invent new ways to track computer users on the Internet.

But the alarmists have not seen anything yet. In the next few years, a powerful new suite of capabilities will become available to Web developers that could give marketers and advertisers access to many more details about computer users’ online activities.

The new Web code, the fifth version of Hypertext Markup Language used to create Web pages, is already in limited use. It will make it easier for users to view multimedia content without downloading extra software; check e-mail offline; or find a favorite restaurant or shop on a smartphone.

Most users will clearly welcome the additional features.

“It’s going to change everything about the Internet and the way we use it today,” said James Cox, 27, a freelance consultant and software developer at Smokeclouds, a New York City start-up company. “It’s not just HTML 5. It’s the new Web.”

Others are more cautious.

Most Web users are familiar with so-called cookies, which make it possible, for example, to log on to Web sites without having to retype user names and passwords, or to keep track of items placed in virtual shopping carts before they are bought.

The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user’s hard drive while online.Because of that process, advertisers and others could, experts say, see weeks or even months of personal data. That could include a user’s location, time zone, photographs, blogs, shopping carts, e-mails and Web pages visited.

Pam Dixon, the executive director of the World Privacy Forum in California, said: “HTML 5 opens a Pandora’s box of tracking in the Internet.”

Ian Jacobs, head of communications at the World Wide Web Consortium, said the development process for the new Web language would include a public review. “There is accountability,” he said. “This is not a secretcabal for global adoption of these core standards.”

The additional capabilities provided by the new Web language are already being put to use by Samy Kamkar, a California programmer best known in some circles for creating a virus called the “Samy Worm,” which took down MySpace.com in 2005.

Mr. Kamkar has now created a cookie that is not easily deleted, even by experts — something he calls an Evercookie.

Some observers call it a “supercookie”because it stores information in at least 10 places on a computer, far more than usually found.

Combining traditional tracking tools with new features that come with the new Web language, it’s described by some as “extremely persistent” or even “horrific.”

Mr. Kamkar said he did not create it to violate anyone’s privacy. He said he was curious about how advertisers tracked him on the Internet.

After cataloging what he found on his computer, he made the Evercookie to demonstrate just how thoroughly people’s computers could be infiltrated by the latest Internet technology.

“I think it’s O.K. for them to say we want to provide better service,” Mr. Kamkar said of advertisers who placed tracking cookies on his computer.

“However, I should also be able to opt out because it is my computer.”

Mr. Kamkar has made the code open to anyone who wants to examine it and says the cookie should be used “as a litmus test for preventing tracking.”

A recent spate of class-action lawsuits have accused large media companies like the Fox Entertainment Group and NBC Universal,and technology companies like Clearspring Technologies and Quantcast, of violating users’privacy by tracking their online activities even after they took steps to prevent that. Most people control their online privacy by adjusting settings in today’s most common Web browsers.

Each browser has different privacy settings,but not all of them have obvious settings for removing data created by the new Web language.

“Now there are so many sources of data storage, it’s very hard for browser manufacturers to handle that,” Mr. Cox said. Mr. Kamkar and privacy experts say that makers of Web browsers should agree on one control for eliminating all tracking capabilities at once.

“There should be simple enough controls to take care of every single thing,” said Ms.Dixon.

Hakon Wium Lie, the chief technology officer at Opera, a browser company, said it worries that the privacy settings it develops could be too strict. For example, he said, Opera once tried to put more controls on certain types of cookies, but users in Russia complained that the controls prevented a popular social networking site from working properly.

But software developers and the representatives of the World Wide Web argue that as technology advances, consumers have to balance its features against their privacy.

“You can do more, but you need to be aware of how your information might be used or misused,” Mr. Jacobs said. “It’s the human questions.”