Re: Request-Off-The-Record Mode header

I am a staunch opponent of the use of consent for this sort of thing.  Notice, perhaps, I might be able to get behind.

To manage risk of destroying potential audit trails, it seems like it would be reasonable for browsers to ignore the signal if the site took actions that might result in permanent effects (like downloads of malware, use of powerful features that do require consent, that sort of thing).  The browser might retain *less* information, and create warnings if it does, but accountability is important.

HTTP WG seems fine as a destination (for some reason my instinct was DISPATCH, but I couldn't work out why I thought that).

On Fri, Jun 9, 2023, at 07:51, David Schinazi wrote:
> This sounds very useful for the domestic violence resources use case, 
> but at the same time I could imagine malware websites abusing it to 
> erase traces of how a machine got infected. Would it be possible to get 
> user consent per origin for this?
> David
>
> On Thu, Jun 8, 2023 at 2:42 PM Eric Lawrence 
> <Eric.Lawrence@microsoft.com> wrote:
>> This generally seems useful.
>>
>> I can foresee some user confusion if a user encountered the interstitial page when visiting the target site in InPrivate/Incognito mode, but I also wouldn’t want to skip the interstitial page in those privacy modes (because it could be abused as an oracle that would reveal to the site whether a visitor is using a Private Mode already). 
>> 
>> In Chromium-based browsers, browser extensions are disabled by default while in Private Mode. It does not look like you propose to disable extensions from interacting with “Off-the-record” sites?
>>
>> *From:* Shivan Kaul Sahib <shivankaulsahib@gmail.com> 
>> *Sent:* Thursday, June 8, 2023 2:14 PM
>> *To:* public-webappsec@w3.org; HTTP Working Group <ietf-http-wg@w3.org>
>> *Subject:* Request-Off-The-Record Mode header
>>
>> Hi folks, this is a heads-up and early request for feedback:
>>
>> Brave is shipping support for an HTTP response header sent by a website that wants the client to treat the website as "off-the-record" i.e. not store anything in storage, not record the site visit in history etc. Kind of like incognito/private browsing mode but site-initiated and only for a specific website. The header is simple: it would look like `Request-OTR: 1`. Some details here: https://brave.com/privacy-updates/26-request-off-the-record/#request-otr-header. Currently we bootstrap for websites that have expressed interest in this (mainly websites that have help resources for domestic violence victims, which was the driving use-case) by preloading a list of websites into the browser, but it would be nice to standardize the header. We're considering doing the work in the HTTP WG at IETF: it's envisioned to be a simple header.
>> 
>> I see that this idea was previously discussed in W3C WebAppSec: https://lists.w3.org/Archives/Public/public-webappsec/2015Sep/0016.html, and there was a draft Mozilla spec: https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades, though as a CSP directive.
>>
>> Happy to hear what people think.

Received on Thursday, 8 June 2023 23:28:01 UTC