9:15 AM -- While I was at the OWASP/WASC AppSec 2007 conference in San Jose, Calif., this week, I had the opportunity to give a talk to my peers about the past, present, and future of browser security. Among other things, I suggested that browser technology should allow Websites to protect themselves from users who are subversively tricked into doing bad things in their browser, usually through cross-site scripting.
One of the attendees asked how my ideas differed from the Platform for Privacy Preferences (P3P), the proposed standard for protecting user privacy on the Net. It was a good question.
The problems with P3P are many. It is a technical solution that requires integration with the browser, and most browsers either don't do anything with this information or they surface the information in obscure text boxes.
We should focus less on giving consumers choices -- which they already have -- and more on giving them the protection they expect.
RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading