Update: Although geolocation is commonly referenced when discussing HTML 5, it is a API which is maintained in a separate specification and is not actually a new feature of HTML 5.

Identifying the physical location of a computer via HTML 5′s geolocation is now incredibly easy and only requires a few lines of JavaScript.

Due to the simplicity of geolocation and its ever growing support in modern browsers, it seems very probable that this could be exploited for malicious purposes. An example scenario of how malware could theoretically track the physical location of infected machine could be as follows.

1. Malware infects system and becomes memory resident.
2. Malware adds malicious website URL to a local web browser’s HTML 5 geolocation white list.
3. Malware launches hidden/backgrounded instance of web browser, navigating to malicious website URL.
4. Malicious website JavaScript utilises HTML 5 geolocation services to track physical location.
5. Physical location is relayed to server via AJAX or other means.
6. Steps 4 and 5 can be repeated as part of a loop containing time delay within the malicious website’s JavaScript.
7. Malware can monitor the memory resident state of the browser within the system’s process list and restart the hidden/backgrounded web browser instance if required.

In this example, the geolocation is all done via a local hidden user agent (web browser) using web technologies. The web part of the system, by its very nature, multi-platform. However, the initial piece of malware which launches the hidden web browser instance will likely be written in a platform specific manner.

Changing this, or writing multiple versions of the ‘browser launcher’ malware would effectively generate a form of malware which could track the physical location of users regardless of their operating system.

Do you think this kind of malware is a reasonable threat now or in the near future? What other potential problems exist for devices that can be identified by geolocation technologies?

In the vast majority of today’s websites, if a program is required to pick out a particular part of a HTML page, such as the main article, the sidebar or the top navigation, it would have to be programmed to do so on a per website and web page basis. This is because every website structures its HTML differently, unless based on an underlying package with a consistent HTML foot print.

Most current websites therefore use a variety of <p>, <div> and <span> tags to surround their content. These tags define style and do not obviously determine whether the contained content is part of the website’s navigation system or whether it is the main article or focus of the web page. The new HTML 5 tags aim to change this by explicitly defining content.

Defining content with specific HTML 5 tags will make websites easier to parse by computer programs. This could benefit accessibility readers for the blind and allow content aggregating systems and ‘mash-up’ websites to easily parse, link to and cite your articles. Content aggregation and automation of web page content retrieval is quite fundamental to some of the newer Web 2.0 sites and social networks. Good examples being Facebook’s automatic retrieval of web page information when a link is entered into a status update, or Reddit’s automatic thumbnail generation based on images found within the linked web page.

Here is a listed on related HTML content tags, as available from the W3C Schools website.

• <article> – Defines a main article on a page. Can include cite (citation) and pubdate (publishing date) attributes.
• <details> – States content details for a specific section. Can include an open attribute defining whether or not the details within are visible to the end-user.
• <figcaption> – States the caption for a figure as defined by the figure tag.
• <figure> – Usually used to group a set of elements.
• <footer> – Footer layout element. This is used to contain the footer content of the page, usually contains the website name, author and copyright information.
• <header> – Header layout element. This tag is designed to contain the top header of a document, usually showing the website logo, page and/or company title and subtitle.
• <hgroup> – A tag used to group together heading tags such as <h1>, <h2>, <h3> and so on.
• <keygen> – A key generation tag which defines a generated (encryption) key that can be associated with a HTML form.
• <meter> – The <meter> tag contains content which is deemed to be a measurement of some sort.
• <nav> – The <nav> tags stands for navigation and is designed to surround navigation links, such as those present in a sidebar bar or navigational header/footer.
• <summary> – The <summary> tag defines the title of a <details> element.
• <time> – This tags contains content which is a statement or measurement of time and/or date/time.

Unfortunately, it is likely that HTML 5 content tags with not be adopted completely for quite some time and there will likely continued use of existing HTML mark up and related styling of <div> and <span> tags for quite some time.