- From: Joel Weinberger <jww@chromium.org>
- Date: Mon, 11 Jan 2016 22:28:56 +0000
- To: timeless@gmail.com, Patrick Toomey <patrick.toomey@github.com>
- Cc: Richard Barnes <rbarnes@mozilla.com>, Utkarsh Upadhyay <musically.ut@gmail.com>, WebAppSec WG <public-webappsec@w3.org>
- Message-ID: <CAHQV2KmomFMiOEDLAveiiov6EQGX9ztyWky-hQZ5tzncm8a3zg@mail.gmail.com>
Why is the current Firefox/Chrome approach of offering an "open in private window" menu choice not sufficient? It seems like it provides strictly more user control, and I don't really see a time when a site would know better than the user that it should be "private". Which also raises the question of what "private" actually means. The Chrome guarantees are misunderstood commonly enough, and I suspect are not consistent with Firefox's guarantees. This feature would require formalizing these modes, and that seems tricky at best, since the user agents are not necessarily providing the same guarantees. In any case, I'd like to better understand the use case of when a site knows that a link should be opened "privately" and it shouldn't be the users choice before we go too far down this path. --Joel On Mon, Jan 11, 2016 at 2:21 PM timeless <timeless@gmail.com> wrote: > On Mon, Jan 11, 2016 at 5:12 PM, Patrick Toomey > <patrick.toomey@github.com> wrote: > > I don't dislike the idea, but I wonder if it is as trivial as it seems. > For > > example, do any browsers currently support a per-window private mode? > > I believe Chrome is pretty close to being able to do it, since afaict, > it supports multiple active user profiles. > > > With > > Chrome, it seems like the current implementation supports two contexts, > > incognito and non-incognito. For example, let's say I do the following: > > > > * open a private mode window with "New incognito window" > > * visit a site (say www.somesite.com) > > * login > > > > If I then go back to my non-incognito window and open a new private mode > > window using "New incognito window", the new window seems to have the > same > > context as my first incognito window. If I go back to www.somesite.com, > my > > cookies are shared and I am currently logged in. > > Yeah, the current system means that an evil site could figure out that > you're using incognito and link the two (normal, incognito) if we > don't do what you propose. Although, technically most sites could just > assume that two clients w/ the same ip and general browser shape are > probably the same even if credentials don't match... > > > It seems as though, if one is going to allow a third-party site to > initiate > > opening of a private-mode window, it might be better to force a new > browsing > > context, with nothing shared with any existing private mode windows. That > > sounds doable, and possibly even trivial. But, it does seem like those > kinds > > of things would have to be more fully fleshed out. > > > The UX will not be fun to design. Because you then have to explain > visually to a user that this private window isn't connected to that > private window. > > I'm not opposed to this feature, just warning about the problems that > it entails... > >
Received on Monday, 11 January 2016 22:29:35 UTC