Privacy dangers of Google’s Web Bundles

Google is proposing a Webarchive-URL format that would allow websites to put resources in a bundle, allowing “sites to evade privacy and security tools in several ways” (including obfuscating, randomizing, reusing or hiding URLs) and “change the Web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing ‘blobs’ (like PDFs or SWFs)”.

Researchers with the Brave browser posted this report about it:


How likely is this to happen? Like, is this actually going to spread across the web? If so… RIP internet

Would be interesting to see what the EU, national / state / provincial governments, corporate IT, the AppleFaceTwit, and others have said about the proposal.

Proposed standard or not, Web Bundles are already integrated in Chromium and development versions of Google Chrome as a disabled experimental feature that users may enable on chrome://flags by searching for Web Bundles… And if Google wants, they could enable it in Chrome (which has 65-70% of browser market share) tomorrow, standard or not.

As the report from Brave points out, Web Bundles allow sites to evade privacy and security tools, and they make URLs less meaningful:

At root, the common cause of all these evasions is that WebBundles create a local namespace for resources, independent of what the rest of the world sees, and that this can cause all sorts of name confusion, undoing years of privacy-and-security-improving work by privacy activists and researchers.