A new web specification tabled by Google could have serious ramifications for the privacy of internet users and the transparency of the web, a researcher has warned.
According to a blog post from Peter Snyder, Senior Privacy Researcher at Brave Software (developer of privacy-focused web browser Brave), Google’s new Web Bundles standard could afford advertisers and malicious actors the ability to circumvent privacy and security protections.
The new standard could also render ad-blockers redundant, preventing them from intercepting website resources via the usual avenue.
Snyder first expressed concern about the plans in February and claimed to be collaborating with the relevant parties to rectify issues with the standard, but apparently to no avail.
Google Web Bundles
The proposed Web Bundles standard is designed to ensure the integrity of a web page and its sub-resources by allowing websites to collect resources together into a single package.
By packaging up website resources into a .wbn file, content delivery networks can also be used to serve the sites, as opposed to remote servers.
However, as Snyder explains, Web Bundles will also inhibit the effectiveness of ad blocking tools and prevent researchers from teasing out and interrogating specific resources, which could have implications for user privacy and security.
“This threatens to change the web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing ‘blobs’ (like PDFs or SWFs),” he wrote.
“At root, what makes the web different, more open, more user-centric than other application systems, is the URL. Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance.”
According to Snyder, Web Bundles would allow malicious actors to evade privacy and security measures via a number of different avenues, including concealing dangerous URLs within the .wbn file and randomizing URLs for unwanted resources.
The proponents of the new standard claim it offers no new ways to invade privacy that do not already exist. While this may be true, Snyder argues these breaches of privacy will be made drastically easier and cheaper to perpetrate.
“While we appreciate the problems the Web Bundles and related proposals aim to solve, we believe there are other, better ways of achieving the same ends without compromising the open, transparent, user-first nature of the web,” Snyder added.
“We strongly encourage Google and the Web Bundle group to pause development on this proposal until the privacy and security issues have been addressed.”
Google did not immediately respond to our request for comment.
Via The Register