The AJAX danger that never was

I can’t believe how much hype this article is generating. From the article:

Like so many technologies-gone-bad before it, this technology was created for the purpose of good. And until now, the XMLHttpRequest has been so good it could almost be considered saintly, providing users and developers alike with such conveniences as input validation without post-back, text area spell checkers, and Gmail. Interfaces built with AJAX are fun to use and even more fun to program. It’s almost hard to imagine that such a miraculous object could ever do wrong.

But even without the discovery of a giant security hole, the XMLHttpRequest will likely fall from grace. Its fall will be in the form of “user over-profiling” for want of a better description. Currently, user profiling helps Web site owners detect trends, track page viewing habits and iron out usability problems. Until now though, developers could only analyze posted data—data that users decided they wanted the server to get, and were happy to send off for processing.

This is just ridiculous. Not only is it dead wrong technically, it makes assumptions that just because a technology is gaining recent popularity, the potential is there for security flaws to appear.

Let’s take a look at this claim from the article: Until now though, developers could only analyze posted data—data that users decided they wanted the server to get, and were happy to send off for processing.

Let me share some information with you: The internet is not private. Ever since the first day you opened a web browser and started visiting websites you have been tracked. This is no secret, everyone knows about cookies and how websites use them to store data. Recently there have even been reports of people realizing that they might not need cookies and starting to regularly delete them.

You don’t need to submit any forms for them to track you. You don’t even need AJAX or even Javascript. You merely need to visit their website with a web browser that accepts cookies or images. Nearly every browser does this by default and behind the scenes so you never know it’s happening. Advertising companies are tracking the ads you view, remembering which ones you click on so they can target you with ads they think you will click more. Websites you visit are tracking your movement through their site to see which pages you view most, and which pages you miss. They’ll be analyzing this data in their board rooms and asking questions about how to make you stay longer and click more ads.

AJAX brings nothing new to the table. Even in a browser that doesn’t support XMLHttpRequest, I can track your movements and clicks and any information you put into forms (yes, even before you submit that form). All you need is some very simple Javascript and a server side language to catch the input. This can be done easily in Netscape Navigator 3.

When you use the internet, you are giving up parts of your privacy. When you enter information into a website you are trusting that website with whatever information you give it. This is how the internet works, and how it will work for years to come (if not forever). Either get used to it, or it’s time for you to get a bigger tin foil hat.

Anyway, back to my original point: The article is simply uninformed whining, and I’m very surprised any technical website would publish such a hyped up piece of crap. They may as well have written an article on the ‘Dangers of cookies’ and published that instead. I’m even more surprised at the amount of attention it’s getting.

Netscape 8 beta released

AOL has just released the first beta of Netscape 8.

Unfortunately it only runs on Windows machines, which means I’ll have to wait until tomorrow to check it out. It can use either the IE rendering engine or the Firefox (Gecko) engine, but I’m not sure which one it defaults to. I mentioned a while back that I was wary of the option to switch the rendering engine as most users will have no idea what it actually does even if they do delve into the options and find it there.

They also seem to have completely ignored any usability guidelines for Windows applications and gone with a non-standard application window layout. The menu bar is shifted to the left, and there is an amazing amount of clutter around the toolbars and tabs (View Screenshot).

This article even mentions how they “reduce browser clutter” by “including a ‘Multibar’ feature that combines up to 10 customizable toolbars into single buttons.” How they decided that giving users ‘up to 10 customizable toolbars’ would ‘reduce browser clutter’ is beyond me.

New Netscape browser screenshots

I just saw some screenshots of the new Netscape browser that is in development.

Of particular interest is this one that shows a preference pane with the option to “Display like Netscape” or “Display like Internet Explorer”. This really seems strange to me, since 95% or more of internet users these days proabably don’t know the difference between the two.

So who is this feature for? The web developers who need to test their content on multiple browsers? Surely most web developers would use the full versions of these browsers to check their pages, but now this adds an additional possibility of your pages breaking. Not only will you have to check your pages in “Netscape,” but “Netscape using Internet Explorer.”

Firefox 1.0 released

I’m entering this post right now with Firefox 1.0 (ftp download). Looks like they added in a more visible ‘critical updates’ notification (little red thing shows up next to the search box). Also of note, is the new Firefox Google start page. Hmm, I wonder what Google could be cooking up.

UPDATE: Also, if you feel like giving a little to help further develop Firefox and the other cool Mozilla Foundation projects, you could always buy a Firefox t-shirt. I just bought a Navy one.