Privacy shouldn't be an afterthought in the browser. Data security within web and mobile apps relies on technical controls like the Same Origin Policy and sandboxing. As browsers add more complex features, they must weigh the trade-off between improving APIs for developers and limiting the ability of attackers to abuse those APIs. This presentation covers privacy attacks that apps may encounter.