Help Your Users `Save-Data` (an HTTP header for Chrome) | CSS-Tricks

Help Your Users `Save-Data` Jeremy Wagner; In CSS-Tricks; 2017-10-02..

Original Sources


  • Apache configuration settings
  • Android Chrome only.
  • Chrome plugins to make it work “on the desktop.”

Reflections on the REST Architectural Style and “Principled Design of the Modern Web Architecture” | Fielding, Taylor, Erenkrantz, Gorlick, Whitehead, Khare, Oreizy

Roy T. Fielding, Richard N. Taylor, Justin Erenkrantz, Michael M. Gorlick, E. James Whitehead, Rohit Khare, Peyman Oreizy; Reflections on the REST Architectural Style and “Principled Design of the Modern Web Architecture; In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017); 2017; pages 4-11 (8 pages); landing


Seventeen years after its initial publication at ICSE 2000, the Representational State Transfer (REST) architectural style continues to hold significance as both a guide for understanding how the World Wide Web is designed to work and an example of how principled design, through the application of architectural styles, can impact the development and understanding of large-scale software architecture. However, REST has also become an industry buzzword: frequently abused to suit a particular argument, confused with the general notion of using HTTP, and denigrated for not being more like a programming methodology or implementation framework. In this paper, we chart the history, evolution, and shortcomings of REST, as well as several related architectural styles that it inspired, from the perspective of a chain of doctoral dissertations produced by the University of California’s Institute for Software Research at UC Irvine. These successive theses share a common theme: extending the insights of REST to new domains and, in their own way, exploring the boundary of software engineering as it applies to decentralized software architectures and architectural design. We conclude with discussion of the circumstances, environment, and organizational characteristics that gave rise to this body of work.


There are 59 references.


  • Roy T. Fielding, Richard N. Taylor. Principled Design of the Modern Web Architecture. In Proceedings of the 22nd International Conference on Software Engineering (ICSE). 2000. pages 407–416. IEEE, Limerick, Ireland.


  • Justin R. Erenkrantz. Computational REST: A New Model for Decentralized, Internet-Scale Applications. Ph.D. Dissertation. University of California, Irvine, Irvine, California, USA. 2009.
  • Roy T. Fielding. Architectural Styles and the Design of Network-based Software Architectures. Ph.D. Dissertation. University of California, Irvine, California, USA. 2000.
  • Michael Martin Gorlick. Computational State Transfer: An Architectural Style for Decentralized Systems. Ph.D. Dissertation. Technical Report UCI-ISR-16-3. University of California, Irvine, Irvine, California, USA. 2016.
  • David Alan Halls. Applying Mobile Code to Distributed Systems. Ph.D. Dissertation. University of Cambridge, Cambridge, UK. 1997.
  • Michael Hicks. Dynamic Software Updating. Ph.D. Dissertation. Computer and Information Science, University of Pennsylvania, Philadelphia, Pennsylvania, USA. 2001.
  • Rohit Khare. Extending the REpresentational State Transfer (REST) Architectural Style for Decentralized Systems. Ph.D. Dissertation. University of California, Irvine, California, USA. 2003.
  • Mark Samuel Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. Ph.D. Dissertation. Johns Hopkins University, Baltimore, Maryland, USA. 2006.
  • Peyman Oreizy. Open architecture software: a flexible approach to decentralized software evolution. Ph.D. Dissertation. University of California, Irvine, Irvine, California, USA.
  • Emmet James Whitehead, Jr. An Analysis of the Hypertext Versioning Domain. Ph.D. Dissertation. Univ. of California, Irvine, Irvine, California, USA. 2000.


Separately noted.

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints | Laperdrix, Rudametkin, Baudry

Pierre Laperdrix, Walter Rudametkin, Benoit Baudry; Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints; Technical Report hal-01285470v2, INRIA; 2016-03-14;; Also, in Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P 2016), 2016-05, San Jose, United States; landing.


Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock).

Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints.

Our work explores the validity of browser fingerprinting in today’s environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user’s system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).

On Port 80 | Meredith L. Patterson

; On Port 80; In Medium; 2015-07-03.

It is withoutwith extreme irony that this had to be published on Medium which a closed-end walled platform on port 80 (port 443).  Medium unselfconsciously refers to itself a Platisher.


  • Analogies
    • IMAP, SMTP → webmail.
    • XMPP → (Facebook & Google) Talk.
    • FTP → Dropbox.
    • IRC → Twitter.
    • NNTP → Reddit, Google Groups.
  • Reddit is (was) the new Digg.
  • The new Reddit
  • Something about a reputation system.
  • Aether, AMP.
  • Reasoning
    • The web technologies allow for monitoring & surveillance in the name of
      • optimization
      • performance analysis
    • Ease of deployment with a central client-server paradigm
      • services scale, are thick & smart.
      • clients are thin & dumb.
    • A single user interface; a single style of user interface
      <quote>The one-interface-fits-all paradigm of the web era puts information overload to the sword. </quote>
    • There’s money in web.
      • Ads.

PriVaricator: Deceiving Fingerprinters with Little White Lies | Nikiforakis, Joosen, Livshits


Nick Nikiforakis, Wouter Joosen, Benjamin Livshits; PriVaricator: Deceiving Fingerprinters with Little White Lies; Technical Report MSR-TR-2014-26; Microsoft;
2014-02-28; 14 pages; landing.


This paper proposes a solution to the problem of browser-based fingerprinting. An important observation is that making fingerprints non-deterministic also makes them hard to link across subsequent web site visits. Our key insight is that when it comes to web tracking, the real problem with fingerprinting is not uniqueness of a fingerprint, it is linkability, i.e. the ability to connect the same fingerprint across multiple visits. In PriVaricator we use the power of randomization to “break” linkability by exploring a space of parameterized randomization policies. We evaluate our techniques in terms of being able to prevent fingerprinting and also in terms of not breaking existing (benign) sites. The best of our randomization policies renders all the fingerprinters we tested ineffective, while causing minimal damage on a set of 1,000 Alexa sites on which we tested, with no noticeable performance overhead.


Ars tests Internet surveillance—by spying on Steve Henn, an NPR reporter | Ars Technica

Ars tests Internet surveillance—by spying on an NPR reporter; In Ars Technica; 2014-06-11.
Teaser: A week spent playing NSA reveals just how much data we leak online.

Software in 2014 | Tim Bray

Time Bray; Software in 2014; In His Blog; 2014-01-01.

HTTPi for Practical End-to-End Web Content Integrity | Singh, Wang, Moshchuk, Jackson, Lee

Kapil Singh, Helen J. Wang, Alexander Moshchuk, Collin Jackson, Wenke Lee; HTTPi for Practical End-to-End Web Content Integrity; WHEN?; 19 pages.