- From: Ángel <angel@16bits.net>
- Date: Mon, 12 Jun 2023 02:03:06 +0200
- To: public-webappsec@w3.org, ietf-http-wg@w3.org
On 2023-06-08 at 14:51 -0700, David Schinazi wrote: > This sounds very useful for the domestic violence resources use case, > but at the same time I could imagine malware websites abusing it to > erase traces of how a machine got infected. Would it be possible to > get user consent per origin for this? > David You shouldn't be able to *store* such user content (as that would spoil the intent), but I like the idea of an origin popping up a browser request asking whether to treat it as an Incognito/Private, rather than the website "knowing better than the user" and bypassing the browser features by its own volition. While not mentioned explicitly in the initial message, this already seems to be the way the feature works in Brave. Shivan, it would be interesting if you could share a website or test domain for which that feature is enabled in your browser.
Received on Monday, 12 June 2023 00:04:20 UTC