Privacy and security – integral to human rights and civil liberties – have long been important in the Web Consortium's agenda. For example, our work has been instrumental in improving Web security through the development of authentication technologies that can replace weak passwords and reduce the threats of phishing and other attacks.
However, users rightly fear the misuse of their personal data and being tracked online, including browser fingerprinting, the spread of disinformation, and other online harms. These are difficult and urgent challenges. We have begun discussions about how to help users find trustworthy content on the Web without increasing censorship.
The Privacy Community Group hosts incubation of new specifications. The group is seeing vibrant participation; its calls routinely draw over 50 participants. Work items include:
- NEW: Ways to mitigation "navigation tracking."
- A mechanism for private click measurement that may be useful to measure advertising success while also preserving user privacy.
- A proposal for isolating sites' data from each other and an API for requesting access to blocked storage.
- Two proposals that may help facilitate login state management in a world where third-party cookies and other tracking mechanisms are being rapidly deprecated: a proposal to declare what domain names are connected to each other and an API to tell a browser if a user is logged into a site.
Unlinkable and unphishable authentication
The group is adding new features including device-loss recovery and other API enhancements to the group's scope.
The group focuses on related work in adoption with the WebAuthn Adoption Community Group.
🎥 Watch a short Web Authentication Adoption Community Group video update (October 2021, 5 minutes) by Nick Steele.