Warning:
This wiki has been archived and is now read-only.
Main Page
Contents
Private User Agent (PUA) Community Group
The Private User Agent (PUA) Community Group is chartered to address covert sharing of User Agent (UA) state and to improve the security of the UA in this regard. The group seeks to standardize the designs necessary to achieve these goals, to develop extensions designed to mitigate inevitable losses of functionality, and to discuss and develop implementations and test suits. Mechanisms for expressing user privacy preferences to servers and content provides are outside the scope of this group.
This document is dedicated to the Public Domain to the extent possible, and is developed under the terms of the W3C Community Contributor License Agreement (CLA).
Suggested pronunciation of PUA sounds like 'pure'.
Drafts
These are working drafts or analysis of the issues or technical proposals to address the issues. A multitude of solutions are being explored at this stage, so consider adding separate pages for substantively different approaches or solutions.
Digital Rights Management
Digital Rights Management (DRM) on the web deserves some discussion as it generally requires the user to forfeit some control over their own computer and this could affect user control, security, and privacy.
Resources
- BrowserSpy.dk has a good list of information that browsers reveal about you.
- EFF's Panopticlick tool shows how unique your browser is and how trackable you are.
- Ever Cookie
- Towards Fine-Grained Access Control in JavaScript Contexts Kailas Patil, Xinshu Dong, Xiaolei Li, Zhenkai Liang, and Xuxian Jiang. In the 31st IEEE International Conference on Distributed Computing Systems (ICDCS), Minneapolis, MN, June 2011.
- ESCUDO: A Fine-grained Protection Model for Web Browsers Karthick Jayaraman, Wenliang Du, Balamurugan Rajagopalan, and Steve J. Chapin.
- Patterns for Privacy by Design in Javascript APIs (Draft) Robin Berjon, Daniel Appelquist. 2012.
- Fingerprinting Information in JavaScript Implementations Keaton Mowery, Dillon Bogenreif, Scott Yilek, and Hovav Shacham, 2011.
- Pixel Perfect: Fingerprinting Canvas in HTML5 Keaton Mowery and Hovav Shacham, 2011.
- Third-Party Web Tracking: Policy and Technology Jonathan R. Mayer and John C. Mitchell, 2012.
- On the fragility and limitations of current Browser-provided Clickjacking protection schemes Sebastian Lekies, Mario Heiderich, Dennis Appelt, Thorsten Holz, Martin Johns, 2012.
- Clickjacking: attacks and defenses Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, Collin Jackson, 2012.
- Language-Based Isolation of Untrusted JavaScript Sergio Maffeis, Ankur Taly, 2009.
- UI Redressing: Attacks and Countermeasures Revisited Marcus Niemietz, 2011.
- The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alexander Moshchuk, Sam King, Piali Choudhury, and Herman Venter, 2009.