- From: Shivan Kaul Sahib <shivankaulsahib@gmail.com>
- Date: Sun, 11 Jun 2023 23:45:54 -0700
- To: Ángel <angel@16bits.net>
- Cc: public-webappsec@w3.org, ietf-http-wg@w3.org
- Message-ID: <CAG3f7MjoAPvqdP3Xe_6H5G80pTmzgnSDg9FF8ViY8Q8=yNrkiw@mail.gmail.com>
On Sun, 11 Jun 2023 at 17:04, Ángel <angel@16bits.net> wrote: > On 2023-06-08 at 14:51 -0700, David Schinazi wrote: > > This sounds very useful for the domestic violence resources use case, > > but at the same time I could imagine malware websites abusing it to > > erase traces of how a machine got infected. Would it be possible to > > get user consent per origin for this? > > David > > You shouldn't be able to *store* such user content (as that would spoil > the intent), but I like the idea of an origin popping up a browser > request asking whether to treat it as an Incognito/Private, rather than > the website "knowing better than the user" and bypassing the browser > features by its own volition. > > While not mentioned explicitly in the initial message, this already > seems to be the way the feature works in Brave. > Right! The default mode is Ask, which means the user will get prompted for consent if the website requests Off-The-Record mode. The user can also set it to be Allow or Deny in settings or from the prompt. > > > Shivan, it would be interesting if you could share a website or test > domain for which that feature is enabled in your browser. > It would be any of the websites at https://github.com/brave/adblock-lists/blob/master/brave-lists/request-otr.json, one example is https://www.loveisrespect.org/. These should work on Brave Nightly.
Received on Monday, 12 June 2023 06:46:36 UTC