
Re: Suggestion for sensitive online content

From: joseph alhadeff <joseph.alhadeff@oracle.com>
Date: Mon, 17 Aug 2015 15:49:01 -0400
Message-ID: <55D23AAD.2090404@oracle.com>
To: David Singer <singer@apple.com>, Nicholas Doty <npdoty@w3.org>
CC: François Légaré <flegare@gmail.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>

I am also thinking of simpler things like cookies which preclude the 
need for motor/sight impaired users to re-enter data.  Many users may 
also not be aware of the implications of such wipes of data for their 
interactions with the website - should they be involved in the decision 
of what to keep in return for what service?  If so, the language related 
to that exchange has never been well mastered.  In some cases we must 
also recall that interactions with a website related to sensitive 
information may need to be maintained by the site for audit, 
accountability or non-repudiation purposes... I understand the working 
group may operate mostly in the world of tech implementing the 
mitigation, but perhaps we should think more of how tech, policy and 
practice can all work together in a compliance governance ecosystem?  
Again, apologies if this is already in the thread...


On 8/17/2015 2:39 PM, David Singer wrote:
>> On Aug 15, 2015, at 18:55, Nick Doty <npdoty@w3.org> wrote:
>> On Aug 15, 2015, at 5:58 AM, Joseph Alhadeff <joseph.alhadeff@oracle.com> wrote:
>>>    I have not followed this entire thread (apologies if this is a bit off topic) but I would think that for some disabled (limit keystrokes for those with impaired motor coordination) or other populations with special requirements (impaired memory...) we may want to make sure that they can preserve convenience functions with alternative security and policy controls for assurance...
>>> Jor
>> This is an interesting point. There might be some situations where a site indicates "this is a sensitive site, you probably don't want to cache it or keep it in your history" but where the user really does want to keep it.
>> I'd want to think through the accessibility case in a little more detail, but maybe there are users who really need to keep a record, because of impaired memory or cognitive function such that they need someone else who uses the machine to be able to see where they've been. Though it could conflict with François's original use case, parents of young children might be one example of that.
>> There might be security cases where a malicious website used for phishing might abuse these headers to make it harder for someone to see after the fact that they visited a site that was pretending to be yourbank.com but was actually evil.com.
>> And there might be performance/network-incapacity cases; you're visiting a sensitive website, but you want the content cached for offline access later because you have control over your own device but don't have reliable network access. (E.g. the calendar of protests is marked sensitive, but you want to make sure you have it even if the local ISP slows access to that site later.)
>> I think in all such cases, it should be clear that it's the user who ultimately decides whether history/content is cached. But a *hint* from the site that the UA can expose to the user ("This site may host sensitive content; we're going to erase it from your browser history after you leave the page, okay?") might be useful. The indicator might also prompt different things for different users with different threat models. If you're in a certain country, you might want to conduct further traffic to that site through a proxy/routing service. If you indicate that you're worried about future access being blocked, you could instruct your user agent to cache sensitive content for offline access.
> Hm.  Having sites able to erase all trace that you visited them seems like a double-edged sword.  Can I imagine sites wanting to deny you ever visited them?
> I think it may be time for me to revisit the ‘taking private/incognito browsing online’ thread, as perhaps (perhaps) these issues relate.  Well, they do: the original desire was to see if sites could be asked to help staying private/incognito.  This thread is about, in a sense, sites suggesting that one may wish to be private/incognito when visiting them.
> David Singer
> Manager, Software Standards, Apple Inc.
Received on Monday, 17 August 2015 19:49:38 UTC
