Apps? No root? Your device serves others: Berners-Lee

Sir Tim Berners-Lee has warned that if you don't have administrator access on your device and it's full of proprietary apps, it really serves masters other than you.
Written by Stilgherrian , Contributor

"The right to have root on your machine," that is, full administrator access to your computing devices including smartphones, is a "key issue," Sir Tim Berners-Lee told a geek-heavy audience at the Linux.conf.au 2013 conference in Canberra this morning.

"The right to have root on your machine is the right to store things which operate on your behalf," he said.

Berners-Lee recognised that when ordinary users have administrator rights on their devices, it introduces a security risk: The applications they install might inherit those rights and use them to perform malicious actions.

"In the situation that we have apps working on someone else's behalf, then we need to work on the security models. The JavaScript security models, the containment of cross-site access, are the best we can do at the moment...If you've got ideas about how we can make it more manageable and more powerful...I'd like to hear."

Berners-Lee also spoke out against the trend of writing a native application for every platform — that is, an iPhone and iPad app for Apple's iOS devices, another for Android, and so on. It's a duplication of effort, and it's "boring for developers" to write and test similar code for each device, he said.

More importantly, each app becomes an isolated island of information, rather than being connected to the living web. "There's no URL in the top bar, so I can't bookmark it. I can't tweet it. I can't like it. I can't dislike it. It's not part of the discourse," Berners-Lee said.

Business should instead use open standards such as HTML5.

While the HTML5 specification is now an "embarrassingly large" document, the web's markup language now includes tags that allow video and other motion graphics to be embedded. Once JavaScript and all of its application programming interfaces (APIs) are added, HTML5 can do pretty much anything that Adobe's Flash or other proprietary web front end can do.

Berners-Lee pointed to the Financial Times' award-winning mobile site at m.ft.com as an example of what can be achieved. "Once you load the page, it pulls in all the pages of today's paper and sticks them on your device...just as though you're running an app," he said.

"Use the fact that, more and more, you can do [in HTML5] the things that a native app can do."

One of the key challenges, though, is building adaptable sites and the associated authentication systems that can allow a transaction begun "on my wristwatch" to be continued seamlessly on a wall-sized device with vastly more pixels.

Editorial standards