practice
Doi: 10.1145/2398356.2398373
Article development led by
queue.acm.org
Unless you have taken very particular
precautions, assume every website
you visit knows exactly who you are.
By JeReMiaH GRossMaN
the Web Won’t
Be safe or
secure until
We Break it
the inteRnet WAs designed to deliver information,
but few people envisioned the vast amounts of
information that would be involved or the personal
nature of that information. Similarly, few could
have foreseen the potential flaws in the design of
the Internet—more specifically, Web browsers—
that would expose this personal information,
compromising the data of individuals and companies.
If people knew just how much of their personal
information they unwittingly make available to each
and every website they visit—even sites they’ve never
been to before—they would be disturbed. If they give
that website just one click of the mouse, out goes even
more personally identifiable data, including full name
and address, hometown, school, marital status, list
of friends, photos, other websites
they are logged in to, and in some cases, their browser’s autocomplete data
and history of other sites they have
visited.
Obtaining all this information has
been possible for years. Today’s most
popular browsers, including Chrome,
Firefox, Internet Explorer, and Safari,
do not offer adequate protection for
their users. This risk of data loss seems
to run counter to all the recent marketing hype about the new security features and improvements browser vendors have added to their products over
the past several years such as sandboxing, silent and automatic updates, increased software security, anti-phish-ing and anti-malware warnings, all of
which are enabled by default. While all
are welcome advancements, the fact is
IllustRatIOn by alICIa KubIsta/ andRIj bORys assOCIatEs