The definition of a privacy-aware HTTP browser
It is a well known fact that cross-site scripting and content is common-place. They are especially used for advertizing and user tracking. Consider what we call web bugs or beacons for instance.
For a number of years, mainstream browsers allow to optionally refuse to load images from other sources than the current site being viewed. Although this restriction is off by default, it should, on an ideal web, be on by default, with users needing to add sites to an exceptions list to allow cross-site images.
Ideally, a browser's default settings should be as follows:
Although a browser implementing these security features might break the current functionality of existing commercial and fraudulent sites, they should be considered unethical to not provide a version of their content not making use of any of the disabled functionality which was usually assumed to be enabled.
Since major corporations such as Google and IBM now have a foot into Firefox development, this goal appears difficult to achieve. It thus becomes necessary for a neutral third party to enforce those default behaviors into a security-aware browser, such as a Mozilla or Firefox based product shipped with better settings. If an official project can never achieve this level of security, a third party could write a single Firefox extension enforcing these settings by default. Although there exist extensions here and there which can be added to enhance privacy and security in certain ways, there is a need for a single, non-commercially sponsored one embedding all the necessary measures into one.
Trusted Computing should not be considered an eventual solution to such problems. TC is a major step backwards as for human rights are concerned, and is also controlled by a coalition of major multi-national corporations such as IBM, Sony, Microsoft, Intel and Apple. Their goal is to totally limit your hardware and software flexibility so that you may not gain real administrator status on your own systems.
The enormous amount of data which corporations and organizations are able to accumulate by current default browser functionality is of serious concern. Privacy is being frowned upon by common practices. The accumulation of personal data and the length at which this is done gives unwanted, unethical individuals an enormous amount of power. People should be sensibilized about this. This part can only be done through education. However, if standard browsers limited functionality to what is strictly necessary, the web industry and sites would have to work with what's available.
Other common web trends are probematic on the web, such as acceptance of Flash as a video media player. Flash does not suit properly for this job and direct links to videos, playable by specialized media of the user's choice should be used instead. Sites like YouTube unfortunately popularized this bad practice. There are few officially Flash-supported platforms, which restricts portability of the method. Moreover, this requires the user to accept to run arbitrary remote code in a proprietary, non-auditable framework. Additionally, it is an extreme waste of CPU and RAM resources.
In a better educated population, it would become easier to boycott the use of unethical or unappropriate trends. But people also need tools which are already configured to only encourage good practices. Privacy of course does not end here. People should also be informed about the type of information they disclose when using web services, such as the plethora of Google services. But this is another story.
The WWW is a kludge
Some could argue that these suggestions would prevent the web from evolving technologically. It is true that the web requires a full redesign. Many deprecated and standard technologies should also no longer be supported in a new design. The HTTP protocol itself should be dropped in favor of better protocols allowing more interactivity (and inherently designed to avoid all the mess HTTP became over time), eliminating the need for hacks such as AJAX.
The current web consists of a chaos of redundant technologies and kludges. It also has favored the development and public acceptance of extensions which should ideally not have been allowed, since they are unstandard, closed sourced as well as untrustable. There are various existing technologies which could replace Web v1 and 2 if they had more public exposure. Of course, migrating from a technology to another is not an easy task, and would initially require support as extensions for existing browsers, before eliminating the bloated mainstream browsers to totally replace the technology. Tools for content generation and server-side scripts should also be readily available to the public for the new technology.
The server-side technology should be distributed and scalable, as well as secure (using a determined security framework similar to BSD kauth to fine-grain authorize permissions of applications). If a client-side scripting framework is also supported, the user also should be able to configure the access permissions with ease, and the framework should be secure by default. The system also should be designed to support sessions without permitting the type of abuse possible with cookies. This also is another story.