A new web specification tabled by Google (opens in new tab) could have serious ramifications for the privacy of internet users and the transparency of the web, a researcher has warned.
According to a blog post (opens in new tab) from Peter Snyder, Senior Privacy Researcher at Brave Software (developer of privacy-focused web browser Brave (opens in new tab)), Google’s new Web Bundles standard could afford advertisers and malicious actors the ability to circumvent privacy and security protections.
The new standard could also render ad-blockers redundant, preventing them from intercepting website resources via the usual avenue.
- Here's our list of the best VPN (opens in new tab) services around
- We've built a list of the best Windows 10 VPNs (opens in new tab) out there
- Check out our list of the best Android VPN (opens in new tab) apps available
Snyder first expressed concern about the plans in February and claimed to be collaborating with the relevant parties to rectify issues with the standard, but apparently to no avail.
Google Web Bundles
The proposed Web Bundles standard is designed to ensure the integrity of a web page and its sub-resources by allowing websites to collect resources together into a single package.
By packaging up website resources into a .wbn file, content delivery networks (opens in new tab) can also be used to serve the sites, as opposed to remote servers.
However, as Snyder explains, Web Bundles will also inhibit the effectiveness of ad blocking tools and prevent researchers from teasing out and interrogating specific resources, which could have implications for user privacy and security.
“This threatens to change the web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing ‘blobs’ (like PDFs or SWFs),” he wrote.
“At root, what makes the web different, more open, more user-centric than other application systems, is the URL. Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance.”
According to Snyder, Web Bundles would allow malicious actors to evade privacy and security measures via a number of different avenues, including concealing dangerous URLs within the .wbn file and randomizing URLs for unwanted resources.
The proponents of the new standard claim it offers no new ways to invade privacy that do not already exist. While this may be true, Snyder argues these breaches of privacy will be made drastically easier and cheaper to perpetrate.
“While we appreciate the problems the Web Bundles and related proposals aim to solve, we believe there are other, better ways of achieving the same ends without compromising the open, transparent, user-first nature of the web,” Snyder added.
“We strongly encourage Google and the Web Bundle group to pause development on this proposal until the privacy and security issues have been addressed.”
Google did not immediately respond to our request for comment.
- Here's our list of the best anonymous browsers (opens in new tab) right now
Via The Register (opens in new tab)