Privacy and security – integral to human rights and civil liberties – have long been important in the Web Consortium's agenda. For example, our work has been instrumental in improving Web security through the development of authentication technologies that can replace weak passwords and reduce the threats of phishing and other attacks.
However, users rightly fear the misuse of their personal data and being tracked online, including browser fingerprinting, the spread of disinformation, and other online harms. These are difficult and urgent challenges. We have begun discussions about how to help users find trustworthy content on the Web without increasing censorship.
Web Application Security
The Web Application Security Working Group is working on cross-site leak mitigation and on documenting how to deploy the security tools it has developed.
Privacy and security reviews
The Privacy Interest Group (PING) does privacy reviews of other groups' specifications. It has been using new tooling to track issues, and it has had renewed success making WGs aware of privacy and fingerprinting issues in their specifications.
PING is also writing a Target Privacy Threat Model document.
Security reviews are done by a pool of volunteer reviewers coordinated by the team. We welcome more people in that pool. Issues raised are tracked using the same tooling used by PING.