The New York Whines ran an article over the weekend commenting on HTML5 privacy. The title of the piece was “Web Upgrade HTML5 May Weaken Privacy“. Please take notice of the word “may”. It tells you right there that they have no idea HTML5 will weaken privacy. They were just trying to get our attention and scare us because online privacy concerns are a hot issue. The article should have been titled “Future Thoughts About HTML5”.
The story in the non-story is about the “evercookie“. A programmer named Samy Kamkar created the evercookie which is a cookie that he thinks will be difficult to delete. The cookie data is stored in multiple places including several HTML5 locations. These are HTML5 Session, Local, Global, and Database Storage via SQLite. Cookies are also stored in RGB values of auto-generated, force-cached PNGs using the HTML5 Canvas tag to read pixels/cookies out again. The bulk of the storage locals are HTML5 but Flash and Silverlight do not get a free pass either. Yes, the evercookie can be stored using Local Shared Objects also known as Flash cookies. I had to mention that because Steve Jobs sends me a free Apple keychain every time I take a shot at Flash.
So does the evercookie put an end to the hopes and dreams of HTML5? No. HTML5 is still in the baby stage. Yes, HTML5 is not invincible but what is? All browsers, operating systems, etc… issue updates for security issues all the time. Why would HTML5 be any different. It is just business as usual. Somebody like Samy will come out with the “evercookie” and then a little while later someone like me will come up with the “evercookiemonster” that makes the evercookie just a cookie to be deleted at will. If you are scared about the much hyped evercookie, start a new session of the Safari browser with private browsing turned on. This technique should eliminate all data storage by the evercookie. HTML5 privacy concerns solved!