Tag Archives: WebKit

Protecting Photo Privacy Via Browsers

Posted on by
10

Browsers can do more to protect users from inadvertently violating their own privacy. The NY Times today had an article about a topic that has been discussed in various circles several times now. The existence of geotagging data in photos. Many cameras, in particular smart phones like the iPhone can tag photos with GPS data. This is pretty handy for various purposes including organizing photos at a later date, iPhoto for example does a pretty nice job of it. Most photo applications however don’t make this information very visible, as a result many users don’t even know it exists, others simply forget.

What the problem looks like

The data, embedded in a photo looks something like this:

GPSLatitude                    : 57.64911
GPSLongitude                   : 10.40744
GPSPosition                    : 57.64911 10.40744

Which I could map.

Proposal

I propose that browsers need to have a content policy for when users upload images that can better protect them from uploading information they may not even realize. Here’s what I’m imagining:

The first time a user attempts to upload a photo that has EXIF or XMP data containing location they are prompted if they want it stripped from the image they are uploading. The original file remains unharmed, just the uploaded version won’t have the data. They can also choose to have the browser remember their preference to prevent being prompted in the future. They can revise their choice in the preferences window later if they want. This isn’t to different from how popups are handled. I thnk that per-site policy might be too confusing and not warranted, but perhaps I’m wrong.

Warning users about hidden information they may be revealing is a worthwhile effort. It’s only a matter of time before someone uses a “contest” or some other form of social engineering to solicit pictures that may reveal location data for users. Evildoers always find creative ways to exploit people.

Caveat

There are a notable caveat to this approach. The most notable is that flash uploaders would bypass this security measure though individual uploaders could do it themselves, or Adobe could do it, but I don’t think that’s enough of a turnoff to this approach. The same caveat applied to “private browsing” in browsers.

Prior Work

As far as I know no browser actually implements a security feature like this yet. There are a few Firefox Add-ons like Exif Viewer and FxIF (both written in pure JavaScript) that look at EXIF data but nothing that intercepts uploads.

Who Can Do It First?

I’m curious who can do it first. By add-on (seems like it should be possible at least in Firefox), and dare I say include in a browser itself? If this were earlier in the year I would have added this to the Summer of Code ideas list. Instead I’m just throwing it into the wind until 2011 rolls around.

Steve Jobs: Thoughts On Flash

Posted on by
14

Apple today published a letter from Steve Jobs aptly title “Thoughts on Flash“. What’s interesting isn’t so much what he said, but what he alluded to. This letter is about Flash, but it’s also about the future if the iPhone platform strategy. It also alludes to the future importance of WebKit and the open web. Lets walk through this. From his points:

First, there’s “Open”.

Steve is right. Flash isn’t really “open”. The iPhone isn’t either by any means. In fact it’s the most restricted computing platform in the world as far as I know. What he did note is that the iPhone uses WebKit and by proxy the web is the most open platform on the planet. That’s very noteworthy.

Second, there’s the “full web”.

Flash video itself isn’t that great by todays standards. That’s why sites like YouTube are serving HD video in H.264 rather than VP6. H.264, VP8 and Theora are the future. If all 3 or just one will survive remains to be seen. Regardless any of them can be played outside of Flash. The dependency on Flash to build a player is going away more and more each day.

Regarding games, this is a silly point. Almost all Flash games need a keyboard or mouse to work. They would never work with a touch screen. Nor would they scale to fit the screen. They would need to be significantly reworked/rewritten.

This is yet more alluding to WebKit and HTML5 where there are solutions already in place.

Third, there’s reliability, security and performance.

It’s pretty hard to dispute the reliability of Flash. It’s by far the driving force behind things like out of process plugins (OOPP) in Firefox among other browsers. It’s also been subject to lots of security vulnerabilities.

Fourth, there’s battery life.

The WSJ quotes Adobe’s Shantanu Narayen as saying the claims of Flash being battery draining are “patently false” but if you look at a CPU monitor while browsing a page with Flash, you can see the load increase quite a bit. Blocking flash on your browser does speed things up and keep your system cooler. I’m very suspect that Adobe has solved this in cell phones when they don’t even seem to have it under control in Windows.

Fifth, there’s Touch.

I already mentioned that mouse/keyboard interfaces just don’t work on the iPhone. No need to rehash that.

Sixth, the most important reason.

That’s actually a vague header. The reason is that they don’t want a third-party sitting between the iPhone API’s and developers. If that happens, developers are limited to what that third-party decides to implement. At the very most developers on the Flash platform get whatever is supported on all Flash platform (greatest common denominator).

That leaves Apple in a stupid position. They could implement killer features in the iPhone and create amazing API’s to take advantage of the features. But if Adobe doesn’t see a way to support things across platforms, or just doesn’t see the cost/benefit of implementing that feature, developers can’t use it. That marginalizes the product for Apple as well as developers.

Conclusion

I found this very interesting that he closed it like this:

New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too). Perhaps Adobe should focus more on creating great HTML5 tools for the future, and less on criticizing Apple for leaving the past behind.

In February of 2007 Steve Jobs wrote another letter on DRM. It’s noteworthy because in January 2009 Apple launched the ability to buy non-DRM protected music. The letter was really a hint at where things were going. He’s repeating the PR strategy that he used then, make no mistake of it.

I have a feeling the day will come where the App Store is deprecated in favor of promoting HTML5 based Applications either directly off the web or packed similar to how Dashboard Widgets are done now on Mac OS X. The App Store will be around for quite some time, but it will eventually morph.

That is why WebKit is so important to Apple. They want to abstract their OS to the point where they can provide very high level hooks into features they want developers to be able to use. The current iPhone App SDK was a solution created by Apple as a way to let developers put applications on the iPhone as an afterthought. The moderation is so that they can keep their security record intact and could shut down a malicious app before trouble becomes rampant. That puts them in the position where they can either approve all content and be viewed as sleazy by more conservative folks, or they can let everything go and accept that reputation. They obviously made their decision. Developers and some geeks hate it, but 99% of the rest of the world doesn’t even know about the process. Nobody wants to know how sausage is made.

The App Store will likely morph to feature Dashboard Widget like applications (not to different from Palm’s WebOS). Apple will still be able to cash in via that distribution point since they can use DRM giving them the only way to actually sell a protected application. You can view them online via you’re browser.

That’s my prediction. The day will come when the iPhone SDK that we know today will be deprecated. WebKit and HTML5 aren’t there today, but the day will come when they will be the tier 1 development platform for the iPhone. Steve Jobs is just laying the groundwork today.

For desktops, other platforms and browsers it’s worth noting that there’s a lot to gain here.

Microsoft Joins W3C SVG Working Group

Posted on by
6

Microsoft is joining the W3C SVG Working Group. Presumably that means there’s some interest in SVG for IE or Silverlight or both. I wonder what led to the change of heart.

I pretty much wrote off any chance of SVG being mainstream in 2005 when Adobe bought Macromedia. Adobe was previously somewhat of a SVG pusher, but Macromedia obviously is the home of Flash. As expected the SVG love dried up. The gap that Adobe filled was adding support for SVG to IE. If IE supports it natively that’s a game changer.

Gecko already has decent support for SVG. WebKit has support for a while. Opera has support as well. Without analyzing in too much detail there should be a subset that’s usable across current browsers and hopefully IE by the time IE 9.0 ships.

I must admit given the choice I’m still more interested in Microsoft supporting <canvas/>, but no word on that as of yet. I’m still hopeful.

Hooray for web standards!

Adventures With document.documentElement.firstChild

Posted on by
10

Here’s an interesting DOM test-case I ran across inadvertently yesterday.

For the purpose of this post assume the following markup:

< !DOCTYPE html>
<html>
<!– i broke the dom –>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>Testcase</title>
</head>
<body>
<p>Something</p>
</body>
</html>

If I use document.documentElement.firstChild I don’t get consistent behavior. In Firefox and IE I get the <head/> element, which is what I was initially expecting. In WebKit (Safari/Chrome) and Opera. I get the HTML comment which I wasn’t.

Continue reading

Google Chrome OS

Posted on by
Reply

The big news over the past 24 hours is the announcement of Google Chrome OS. Effectively Google Chrome OS is a stripped down Linux Kernel with just enough to boot Chrome/WebKit as it’s main UI. The exact UI paradigm hasn’t been reveled as of yet. Google claims:

Speed, simplicity and security are the key aspects of Google Chrome OS. We’re designing the OS to be fast and lightweight, to start-up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. It should just work.

It’s an interesting and somewhat bold statement.

Continue reading

Chromium’s WebKit Fork Is No More

Posted on by
6

This is very cool news for both WebKit sand Chromium. Chromium will no longer use a forked version of WebKit. This will mean more contributions directly to WebKit and a more current Chromium.

I wish all browser vendors could agree and sync engines a bit more so that Safari/Chrome would ship the same version of WebKit rather than stagger based on their own release schedule. Same for Mozilla/Flock etc. While very difficult in many respects it would make it much easier on web developers to have less products out there to test against. I think it’s unlikely to happen, but that doesn’t mean it wouldn’t be convenient. Some Web Developer bias speaking here.

[Via: Tony Chang]

Is IE8 Trident’s Last Stand?

Posted on by
Reply

Randall C. Kennedy at InfoWorld wrote:

IE8 is the last version of the Internet Explorer Web browser. At least, that’s what I’m hearing through the grapevine. It seems that Microsoft is preparing to throw in the towel on its Internet Explorer engine once and for all.

There were rumors earlier this year that the IE team was looking at WebKit a few months ago. I said then and I still think that’s a real perilous approach considering the legacy they need to somehow support. The other approach is to start over, something that’s possibly on the works.

Any truth to these claims? I don’t know. Though I’d be curious to see how Microsoft handles it’s customers who expect old applications to keep working and others who want Microsoft to catch up with progress. I doubt they can go either way 100%. Which way will they lean? I think that’s anyone’s guess.

3rd Party Web Browsers For iPhone

Posted on by
1

There’s some buzz around the web regarding 3rd party web browsers for the iPhone now appearing in the App Store. This really isn’t as good as it sounds. In fact, it’s misleading. From what I can tell they are all using WebKit (Safari) API’s. UIWebView to be specific. These are just applications that serve as an alternative UI for WebKit.

This isn’t even totally new as there are several apps that have done this in the past, the most popular being Twitterrific who ships a “mini-browser” for the purpose of viewing links in tweets without leaving the application. What’s new is that an application’s sole purpose can be a browser. Though there’s no official word on a policy that I know of.

That means no you will not see Java, you will not see Flash, you will not see Firefox. You may perhaps see some user experience improvements which of course are welcome, but not another “browser”.

Palm Pre Thoughts

Posted on by
17

The big news today seems to be the new Palm Pre. It’s a rather beautiful device, though I’m not sure it will save Palm.

  • Developer API – Palm choose to make it literally a “WebOS” (that’s what they call it). Applications are written using HTML5, CSS, JS (via WebKit) and there are API’s to access a variety of services. While cool this does have a big downside. There’s no real way to make it into the gaming platform that the iPhone is becoming. <canvas/> can only take you so far animation wise, not to mention JS isn’t really an ideal language to make a full length game. These applications are essentially widgets. That’s fine for many/most mobile apps, but not all. It also doesn’t allow you to take advantage of 3rd party libraries that aren’t on the device or written in JS.
  • Development Community – Palm is going to have a tough time building a dedicated development community. There will be lots of “widgets” ported to the device, but with the iPhone being mandatory for hot new apps, Android showing lots of potential and backing, and BackBerry being ubiquitous, how many more platforms can developers target in this economy? There’s also Windows Mobile with an established user base. They will need to sell a lot of devices to attract developers.
  • Many Features Easily Duplicated – It has copy/paste, MMS, IM, and other things many people gripe about the iPhone not having. That said, they can be implemented in a software upgrade on the iPhone leveling out the playing field quickly. Hardware wise, the removable battery and 3MP camera can’t be easily duplicated. Those are solid enhancements.
  • Background Applications – Since it’s WebOS, the “applications” are nothing more than tabs in a browser. Application switching is then nothing more than switching tabs. How will this behave in real life? Hard to say. I’m hoping each “application” is isolated into it’s own process similar to Google Chrome rather than one process. I’m not sure how they balance CPU time between competing processes.
  • Battery Life – I can’t find much on battery life. I presume that depends on application usage but it’s not prominent on the Palm site or any review I’ve seen so far.

I should note that since it’s API is essentially building widgets using web technologies, don’t expect to see a Mozilla browser anytime soon. The closest you’d get is a Fennec-like UI built on and around WebKit. It could prove to be an interesting UI experiment, but it won’t share the same technologies.

It’s ironic but so far Windows, Android and BlackBerry are the only major mobile OS’s that allow 3rd party applications to be downloaded directly to the device unrestricted. Maemo does as well, but it’s more internet tablets. iPhone while based on open source require you go through a proprietary app store. Both the iPhone and Android have a kill switch so that they can terminate software that doesn’t abide by their policies. Palm (also based on open source Linux) won’t even allow true native applications so far.

It’s a cool device, but I wouldn’t declare Palm back from the dead yet, nor would I declare them dead. Like I said, it’s competing with 3 mega platforms for not only users, but developers whose applications will bring in users.

Update [1/9/2009 @ 9:45 AM EST]:Clarified App store requirement is for iPhone and that a kill switch exists on both the iPhone and Android.

Microsoft Cutting Back On IE?

Posted on by
10

Asa pointed out an interesting CNBC piece regarding cutbacks in what looks like contractors on the IE team:

One of the units already seeing cutbacks is Microsoft’s sagging browser business. A report in the Seattle Times says 180 contract workers were told last month that their services would not be renewed. Just yesterday, researcher Net Applications reported that Microsoft’s Internet Explorer browser registered 68 percent market share in December, down from 74 percent in May.

If this is true, and I think it is likely as CNBC is a rather reputable source of business news, I predict Trident’s days are numbered. As I pointed out back in November, Balmer suggested they might look at WebKit. I should note I do not think this will have any impact on IE 8, which is nearly complete. They could of course choose Gecko which would save them from needing to work with Google and Apple (which might freak out some government regulators).

The other very real option is to either license Opera’s Presto engine, or simply buy Opera which would give them some strength in the mobile market. I think Microsoft would prefer to buy simply because of the mobile implications. Opera has a decent foothold in the mobile market. They would still have the expense of developing a rendering engine but instead of playing catch up they would be much more “ready to play”. This would save them the overhead expenses of trying to cram several years of development to simply catch up to the other browsers. Since Presto is proprietary they still can utilize their other proprietary technologies without leaking any code to the open source community. As I said in the past, keeping things proprietary is important to Microsoft’s web strategy.

Poor standards compliant, performance, bugs lingering for years, security issues, are all issues that have plagued this rendering engine. The final nail in the coffin might end up being a recession and the need to cut costs.

Of course it’s possible Microsoft may not be renewing these contractors since IE 8 is nearly done and it will simply slow down IE 9 development, but I don’t think it’s likely considering the speed the competitors are going. I don’t think Microsoft will fall asleep at the wheel a second time.

So I’d like to adjust my statements back in November regarding Microsoft’s use of WebKit. I said before that it was unlikely. If this news is true, I think it’s becomes very realistic they will drop Trident. Maybe it really is as busted internally as we’ve all suspected for years.

There will still be fierce competition between WebKit, Gecko, and Presto regardless of what happens. Innovation and competition are essential to a healthy internet. This in fact makes it much more competitive since the one in last place in terms of supporting the latest in standards would suddenly catch up overnight.

Enough speculation for now. Lets see what turns out to be fact, and what turns out to be CompSci Fiction.

Edit [1/3/2009 @ 9:40 PM EST]:: Via Asa, apparently the layoffs were actually the MSN Homepages team, not the IE team as CNBC suggested.