W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

RE: indicating 'private browsing mode' over the net (was Re: Super Cookies in Privacy Browsing mode)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Thu, 29 Jan 2015 18:09:09 -0000
To: "'Wendy Seltzer'" <wseltzer@w3.org>, "'David Singer'" <singer@apple.com>, <chaals@yandex-team.ru>
Cc: "'Robin Wilton'" <wilton@isoc.org>, "'Joseph Hall Lorenzo'" <joe@cdt.org>, "'Bjoern Hoehrmann'" <derhoermi@gmx.net>, "'Wenning Rigo'" <rigo@w3.org>, "'public-privacy mailing list\) \(W3C'" <public-privacy@w3.org>
Message-ID: <411b01d03bee$b04f32e0$10ed98a0$@baycloud.com>
Hash: SHA1

> Interesting mix of norms and tech -- and yes, a different privacy threat
> model from the one many of us are accustomed to considering. Here, we're
> trusting the server to share our interests and want to help us enforce
> the contextual boundaries we choose, even if its knowledge could span
> those boundaries.
> This model is a better match with the Web Origin security model -- where
> an origin site is presumed to have control of the web application
> security, and the end-user must choose to trust the origin (with limited
> user-side overrides) or not visit the site.
> I wonder what sorts of feedback could help to reinforce to end-users
> that their trust was in fact merited.
> --Wendy

It would have to include all the servers being accessed, third-parties also. I think David's header would be seen all of them, and it would only take one to ignore the contextual boundaries, decide to combine multiple personas with other data in a PII keyed database, then broadcast it to the world (and UA based UUIDs are far more reliably user-identifying than IP addresses which are usually ephemeral and non-unique). 

Maybe there should be an implicit web of trust that covers all the servers receiving user specific data on a page, where they all commit to a common declared level of privacy and security. The browser could then have UI to communicate that.

WebID could be used to identify all the parties (not just origins), and a manifest could define the trust relationship.


Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.4.19.5391 - http://www.gpg4o.com/
Charset: utf-8

Received on Thursday, 29 January 2015 18:11:08 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 January 2015 18:11:09 UTC