An idea I’ve been toying with for the last couple days is how to mitigate some of the privacy implications of web browsing. The modern browser gives up much more of your information than it really needs to, and the game seems weighted in favor of the advertisers. Especially with the impending ‘ping’ attribute and other modifications which make your online identity transparent to advertisers, it’s time for users to regain some of the control over the sites they visit.
I think a reasonable baseline is to provide an additional level of granularity for which resources should be loaded on a page. Right now, you get either the full experience, or you can disable all javascript & images to limit your exposure to tracking. From the users perspective, a reasonable equilibrium is to evaluate resources with the same policy as cookies — only make requests to the same origin as the main page.
It’s a simple concept. As a user, I asked for this page, not for ads.doubleclick or facebook – and that’s the content I want. There’s only minimal value lost by not requesting this content (one example would be google maps mashups.) but a either a whitelist or a click-to-load model would easily rectify that problem.
I hacked my local version of chrome to follow this security policy, and the web is surprisingly entirely usable. I haven’t hooked in the whitelist yet, and this is still entirely experimental but I hope it puts a bit of pressure on the notion that users don’t see the value of their private information.
I’ve attached the diff of my change – all 10 lines of it – and will do my best to shape it into something that is usable enough to actually submit to the chromium project.