W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

Re: indicating 'private browsing mode' over the net (was Re: Super Cookies in Privacy Browsing mode)

From: Wendy Seltzer <wseltzer@w3.org>
Date: Thu, 29 Jan 2015 10:41:07 -0500
Message-ID: <54CA5493.50101@w3.org>
To: David Singer <singer@apple.com>, chaals@yandex-team.ru
CC: Robin Wilton <wilton@isoc.org>, Joseph Hall Lorenzo <joe@cdt.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, Wenning Rigo <rigo@w3.org>, "public-privacy mailing list) (W3C" <public-privacy@w3.org>
On 01/29/2015 09:43 AM, David Singer wrote:
> 
>> On Jan 29, 2015, at 15:33 , chaals@yandex-team.ru wrote:
>>
>> Basically +1… more inline
> 
> yay, I think you have it and we’re converging.  Yes, the [priest+doctor | server] clearly knows that it’s Chaals under both personae; but as you say, [he it] is being respectful that in one case they are treating your body and the other your soul, and keeps those considerations separate.
> 
> Yes, it’s like encountering your shrink at a party.  He knows it’s you, you know he knows; but he doesn’t expose in this context (the party) what he knows from the other context (the analysis sessions). That is respecting your privacy.

Interesting mix of norms and tech -- and yes, a different privacy threat
model from the one many of us are accustomed to considering. Here, we're
trusting the server to share our interests and want to help us enforce
the contextual boundaries we choose, even if its knowledge could span
those boundaries.

This model is a better match with the Web Origin security model -- where
an origin site is presumed to have control of the web application
security, and the end-user must choose to trust the origin (with limited
user-side overrides) or not visit the site.

I wonder what sorts of feedback could help to reinforce to end-users
that their trust was in fact merited.

--Wendy

-- 
Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
Received on Thursday, 29 January 2015 15:41:21 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 January 2015 15:41:22 UTC