W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Re: Suggestion for sensitive online content

From: Nick Doty <npdoty@w3.org>
Date: Thu, 13 Aug 2015 13:56:00 -0700
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <9A5C49D4-AA6D-41EC-911F-6A9D6A40004E@w3.org>
To: François Légaré <flegare@gmail.com>
Hi François,

That's an interesting privacy problem and proposal. (I've changed the subject line, because I believe you're primarily talking about sensitive content, rather than sensible content.)

Work has begun recently in the WebAppSec group on a mechanism (HTTP response header) for sites to clear all local content (like cookies and localStorage) for their origin, as a security and privacy measure:
http://www.w3.org/TR/clear-site-data/ <http://www.w3.org/TR/clear-site-data/>

I'm not sure they're specifically considering the use case of wanting to clear browser history for a potentially sensitive website, but it sounds not dissimilar from their set of goals, so it would be worth considering.

The other existing technology that could be used would be declarative mechanisms for content selection, like PICS (deprecated) and POWDER:
http://www.w3.org/2007/powder/ <http://www.w3.org/2007/powder/>

That would be an existing mechanism to declare a value like, "sensitive-anonymous", which supporting user agents could interpret as a sign that they should use private browsing mode (no local cache).

It sounds like the site you're working with would be willing to spend the minor resources to implement this kind of flag. We would need to check whether prominent browser vendors are interested in implementing the client-side version.

Hope this helps,
Nick

> On Aug 12, 2015, at 10:42 AM, François Légaré <flegare@gmail.com> wrote:
> 
> Hi
> 
> I work for a big telecom company in Canada that currently give various sponsorship for mental health organisations. Part of the sponsorship is making sites and mobile applications to help individual get online help and access information and resources that are often sensible.
> 
> One example is  http://www.kidshelpphone.ca/ <http://www.kidshelpphone.ca/> they provide anonymous phone line for kids that may have issue or problem in their family. This lead to a sensitive problem, a kid visiting this site need to know how to clean browsing history since a adult seeing the browsing history might challenge the kids about the visit and lead to more stress or bigger problems. They did explain on the site header how to flush history and train visitor about the anonymous tab, this isn't perfect at all, because it really entirely on the user actions and the assumption that he read and understood the section.
> 
> Since not all internet user are tech savvy and are aware of the anonymous tabs, so my suggestion for the W3C would be the following:
> 
> A head meta tag that could help define sensitivity level of the online html content. This tag once detected by the browser could apply various policy to increase anonymity and reduce potential problems, ideally default policies would implicitly insure higher privacy for the end users.
> 
> For instance browser that detect the meta tag could automatically go in "anonymous mode" and don't track browsing history, remove cached content, etc. This will insure a more anonymous browsing experience for such site for users that are less aware of the already available privacy features. Content rating meta tag to some extends could be used but this is a bit far fetch but could be less involving since tags already exist.
> 
> Of course I'm quite sure, site with adult content would also be like such features but this is not really the issue I'm trying to resolve at this point.
> 
> According to some of the W3C members this is a valid place to submit this suggestion, I hope this will be well received.
> 
> Regards,
> 
> Francois



Received on Thursday, 13 August 2015 20:56:10 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 13 August 2015 20:56:11 UTC