Researchers design label restriction system for javascript apps

Researchers from UCL, Stanford Engineering, Google, Chalmers University and Mozilla Research have developed a new system that would significantly improve internet user privacy while allowing web apps to collect information from multiple sites.

The system is called COWL, or Confinement with Origin Web Labels, and currently runs on Firefox and Chromium, the open source version of Chrome, UCL describes. The system imposes restrictions on javascript by means of so-called ‘contexts’. For example, users must be protected against the leakage of sensitive information to unauthorized parties via, for example, malicious scripts. At the same time, it should remain possible for web programmers to build web apps that collect and process data from different websites, such as mashups.

The COWL technology accepts that information is shared, but does allow developers to impose some restrictions. For example, javascript code can read and process data, legitimate or not, from another website, but thanks to COWL the source can indicate that this information may no longer be shared with other parties. Implementing COWL in the browser would have virtually no negative impact on the processing speed of web apps.

For example, if a web app wants to compare prices, it currently still needs to write javascript code to collect information from multiple websites. Current security systems could block such actions because the information comes from different domains.

Same Origin Policy is an example of such a system. To avoid this mechanism, login codes are often requested, so that the data can still be exchanged. The researchers therefore say that the current security system more or less obliges web designers to make choices that can damage the privacy of internet users. COWL would offer a good alternative for this. The code for COWL can be downloaded free of charge from October 15, the researchers have announced.