New web privacy system could revolutionize the safety of surfing

Researchers from Chalmers University of Technology, Stanford University, UCL, Google and Mozilla Research have built a new system that protects Internet users' privacy when they surf the Web and simultaneously increases flexibility for web developers to create applications that combine data from different websites.

To provide complex functionality, modern web applications are constructed by reusing building blocks provided by different organizations. For instance, many sites include third-party map services to overlay locations for points of interest. Unfortunately, web users' privacy can be compromised by accidentally incorporating error-prone or malicious content in the form of JavaScript code. By simply visiting a seemingly legitimate web site, users can set in motion pernicious behaviors, which might lead to expose their private data to unauthorized parties.

For the last four years, Prof. Alejandro Russo (Chalmers) and Prof. David Mazières (Stanford) have been developing new technology to preserve users' privacy on the web. Recently, and in collaboration with Google, Mozilla, and the University College of London (UCL), the team of security researchers built a novel privacy system called COWL (Confinement with Origin Web Labels). COWL protects Internet users’ privacy while flexibly allowing web applications to combine content from different parties. COWL provides a property known as ‘confinement’, an idea known since the 1970s, but proven difficult to deploy in practical systems like web browsers.

"What makes COWL unique is its simple design; the system naturally extends the existing web security model with three core concepts which allow the construction of privacy preserving web-services. This simplicity, and COWL's negligible performance overhead, are key to make the system attractive to web developers", said Prof. Russo.

COWL works with Mozilla’s Firefox and the open-source version of Google’s Chrome web browsers. Testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages. Following today's announcement, COWL will be freely available for download and use on October 15 from http://cowl.ws.

The description of COWL will appear in the Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2014), a premier venue for operating systems research.