It would be nice to have a mode in web browsers that lets us turn off the parts of HTTP and HTML that lend themselves to abuse when they are not needed.
Some would say: “If you don’t want those features, don’t use them.”
If only it were that simple!
The browser has evolved from a simple hypertext reader into a full-blown application platform. Every new capability adds to the attack surface. Here are just a few browser capabilities that can be used to compromise privacy and security:
- Media Capture API (Webcam / Microphone)
- HTML5 Canvas
- WebRTC (Peer-to-Peer Communications)
- WebGL (GPU / 3D Graphics Interface)
- Local Storage
There are so many things to investigate here. Even for an expert, finding an exploit is like looking for a needle in a haystack. Considering that some of the worst abusers are multi-billion dollar corporations, the average user is a sitting duck.
Some people handle this problem by manually disabling controversial things in the browser’s settings, but that is cumbersome, and some “features” cannot be disabled. The most popular approach is to use third-party privacy add-ons in the browser, but God only knows what some of those things get up to.
This protocol modification (let’s make it sfwb://, for safe web) would serve as a browser-enforced contract that makes the HTTP request and the HTML document far less capable of abusing your privacy or your computer.
On an sfwb:// request (basically still HTTP), the browser will enforce the following:
- no cookie information is sent, and any received cookie information is discarded
- to neuter web beacons, no externally linked assets (images, audio, iframes, etc.)
- all media assets (images, audio, etc.) must be embedded in the document as base-64 data URIs (to supplement the no-linked-assets rule above)
- perhaps this is paranoia, but caching is disabled, so that a security flaw in a non-SFWB page cannot be used to inspect the cache or history of SFWB documents
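To make the contract concrete, here is an added example (not code from the post) of how a browser, a proxy, or a test harness could audit a document and its HTTP headers against the rules above. The function names, the list of fetch-triggering attributes, and the sample document with its `.invalid` hostnames are all constructed for illustration; the rule set itself is the post's. The audit goes slightly beyond the list by also flagging CSS `url()` references, since a stylesheet is another place a web beacon can hide.

```python
"""Audit an HTML document and HTTP headers against the proposed sfwb:// rules.

Example code written for this page, not part of the original post. Function
names and the attribute table below are assumptions chosen for illustration.
"""
import re
from html.parser import HTMLParser

# Attributes that cause the browser to fetch something. The post names images,
# audio and iframes; the rest are added here for completeness (constructed list).
FETCHING_ATTRS = {
    "img": ("src", "srcset"),
    "audio": ("src",),
    "video": ("src", "poster"),
    "source": ("src", "srcset"),
    "iframe": ("src",),
    "script": ("src",),
    "link": ("href",),
    "object": ("data",),
    "embed": ("src",),
}

# Matches url(...) inside CSS, with or without quotes around the reference.
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)


def strip_request_headers(headers):
    """Rule 1, outbound: never send cookie information."""
    return {k: v for k, v in headers.items() if k.lower() != "cookie"}


def strip_response_headers(headers):
    """Rule 1 inbound and rule 4: discard Set-Cookie and force no-store caching."""
    dropped = {"set-cookie", "cache-control", "expires", "etag", "last-modified"}
    kept = {k: v for k, v in headers.items() if k.lower() not in dropped}
    kept["Cache-Control"] = "no-store"
    return kept


def _is_inline(ref):
    """Rules 2 and 3: only base-64 data URIs are acceptable asset references."""
    return ref.strip().lower().startswith("data:")


def _candidates(attr, value):
    """Split a srcset into its URLs; a data: srcset is kept whole (it has commas)."""
    value = value.strip()
    if attr != "srcset" or value.lower().startswith("data:"):
        return [value]
    return [c.strip().split()[0] for c in value.split(",") if c.strip()]


class SfwbAuditor(HTMLParser):
    """Collects (tag, attribute, reference) triples that violate the contract."""

    def __init__(self):
        super().__init__()
        self.violations = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._in_style = tag == "style"
        for name in FETCHING_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if value is None:
                continue
            for ref in _candidates(name, value):
                if not _is_inline(ref):
                    self.violations.append((tag, name, ref))
        # Inline style="" attributes can also reference external resources.
        for ref in CSS_URL.findall(attrs.get("style") or ""):
            if not _is_inline(ref):
                self.violations.append((tag, "style", ref))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        # HTMLParser hands <style> contents to handle_data verbatim.
        if self._in_style:
            for ref in CSS_URL.findall(data):
                if not _is_inline(ref):
                    self.violations.append(("style", "url()", ref))


def audit_document(html):
    """Return every external reference the sfwb contract would forbid."""
    auditor = SfwbAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.violations


# Constructed sample document: one compliant inline image, plus the kinds of
# linked assets the contract is meant to neuter.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://cdn.example.invalid/site.css">
<style>body { background: url(https://tracker.example.invalid/pixel.gif) }</style>
</head><body>
<img src="data:image/png;base64,iVBORw0KGgo=" alt="inline logo">
<img src="https://tracker.example.invalid/beacon.gif" width="1" height="1">
<iframe src="https://ads.example.invalid/frame"></iframe>
<p style="background-image:url('data:image/gif;base64,R0lGODlh')">fine</p>
<a href="https://example.invalid/next">plain links are not fetched</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, ref in audit_document(SAMPLE_HTML):
        print(f"violation: <{tag} {attr}> -> {ref}")
```

Running the script lists the four forbidden references in the sample (the external stylesheet, the `url()` in the style block, the 1x1 beacon image, and the iframe) and accepts the two data URIs. Plain `<a href>` links are deliberately not flagged: following a link is a user action, not an automatic fetch, so it is outside the beacon problem the rule targets.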
This would essentially be a step beyond Safe Mode for document-centric (as opposed to application-centric) web pages. It would also be handy for safely rendering rich e-mails inside the browser without having to resort to document scrubbing.