Dangerous Javascript

This article, titled "Knowing the User's Every Move...", is worrying. From the abstract: "In this paper, we investigate how detailed tracking of user interaction can be monitored using standard web technologies." In short, they have developed some JavaScript code (which runs in Netscape, Konqueror/Safari, IE and Opera) as well as proxy which transparently injects that code into page HTML before it is delivered to the client. This code enables detailed tracking of users actions including mouse movements, clicks and key presses.

This is particularly worrysome, as this mechanism can very easily be abused. Moreover, the current controls in, for example, Opera 9 are very inadequate. If I disable Javascript, then I can't use advanced AJAX applications, such as Gmail. On the other hand, there is no possibility to have Javascript enabled only for "trusted sites" stored in some list, and administered by the user.


No comments: