W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

Re: Super Cookies in Privacy Browsing mode

From: David Singer <singer@apple.com>
Date: Thu, 08 Jan 2015 14:39:34 -0800
Message-id: <7ED495AA-7E5B-4254-80CA-523CB644B9FB@apple.com>
To: W3C Privacy IG <public-privacy@w3.org>
I think we might need a consensus definition of what private browsing mode is, and how it affects servers.  We had some offline conversation about it at the workshop.

For example, for some people ‘private browsing’ starts a sandbox that is initialized from the regular browsing context (cookies and all), but that is discarded at the end of the private browsing session.  There’s no need for supercookies to correlate the regular browsing into private browsing, as the cookies are there.  Correlating the other way will simply raise the ire of users if you are not careful, as it would persist state and hence ‘leak’ from the private session back into the general one.

I have some ideas around codifying ‘private browsing mode’ and how to communicate ‘heh, I am trying to be private here!’ to servers.  Is this a topic of interest to others?

> On Jan 8, 2015, at 12:13 , Rigo Wenning <rigo@w3.org> wrote:
> 
> Happy New Year!
> 
> Interesting article about how HTTP Strict Transport Security can be used to 
> circumvent the protections in the private browsing mode. But it seems to be 
> fixed in firefox >34. I don't know about the other browsers. 
> 
> --Rigo

David Singer
Manager, Software Standards, Apple Inc.
Received on Thursday, 8 January 2015 22:40:04 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 8 January 2015 22:40:05 UTC