Re: indicating 'private browsing mode' over the net (was Re: Super Cookies in Privacy Browsing mode) from chaals@yandex-team.ru on 2015-01-29 (public-privacy@w3.org from January to March 2015)

From: <chaals@yandex-team.ru>
Date: Fri, 30 Jan 2015 01:31:41 +0300
To: Wendy Seltzer <wseltzer@w3.org>, David Singer <singer@apple.com>
Cc: Robin Wilton <wilton@isoc.org>, Joseph Hall Lorenzo <joe@cdt.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, Wenning Rigo <rigo@w3.org>, "public-privacy mailing list) (W3C" <public-privacy@w3.org>
Message-Id: <359251422570701@webcorp01h.yandex-team.ru>

29.01.2015, 18:41, "Wendy Seltzer" <wseltzer@w3.org>:
> On 01/29/2015 09:43 AM, David Singer wrote:
>>>  On Jan 29, 2015, at 15:33 , chaals@yandex-team.ru wrote:
>>>
>>>  Basically +1… more inline
>>  yay, I think you have it and we’re converging.  Yes, the [priest+doctor | server] clearly knows that it’s Chaals under both personae; but as you say, [he it] is being respectful that in one case they are treating your body and the other your soul, and keeps those considerations separate.
>>
>>  Yes, it’s like encountering your shrink at a party.  He knows it’s you, you know he knows; but he doesn’t expose in this context (the party) what he knows from the other context (the analysis sessions). That is respecting your privacy.
>
> Interesting mix of norms and tech -- and yes, a different privacy threat
> model from the one many of us are accustomed to considering. Here, we're
> trusting the server to share our interests

Actually there is a quid pro quo. We'll give the server data, if they state that they will respect our conditions.

> and want to help us enforce
> the contextual boundaries we choose, even if its knowledge could span
> those boundaries.

Right.

> This model is a better match with the Web Origin security model -- where
> an origin site is presumed to have control of the web application
> security, and the end-user must choose to trust the origin (with limited
> user-side overrides) or not visit the site.

Yeah. And a better match with a lot of reality I think. 

The idea that you will use services in private mode without any of the convenience tracking and cookies give isn't one I would like a corporate security policy to be reliant on.

But the idea that you'll treat each other with respect, because it is in both parties' interest, is how people successfully collaborate from a scale of 1-on-1 to global geopolitics.

> I wonder what sorts of feedback could help to reinforce to end-users
> that their trust was in fact merited.

The obvious one is reputation management, which can be done by browsers, third parties, 

 If we developed some specific terms, you could go beyond that, but I doubt we would ever agree on them. 

On the other hand, using such a mode, in conjunction with a privacy-friendly regulatory environment and the sort of warning systems that currently protect us against malware, phishing and spam might be enough for a lot of people - and a motivator for competing services to find ways of demonstrating that they too are equally deserving of people's trust…

Which would probably be a step forward.

cheers

--
Charles McCathie Nevile - web standards - CTO Office, Yandex
chaals@yandex-team.ru - - - Find more at http://yandex.com

Received on Thursday, 29 January 2015 22:32:21 UTC