Re: Super Cookies in Privacy Browsing mode from David Singer on 2015-01-09 (public-privacy@w3.org from January to March 2015)

From: David Singer <singer@apple.com>
Date: Thu, 08 Jan 2015 16:23:39 -0800
To: chaals@yandex-team.ru
Cc: Christine Runnegar <runnegar@isoc.org>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>, "Nottingham, Mark" <mnotting@akamai.com>
Message-id: <2DA4D72F-084B-4660-93AA-77058AF93BEB@apple.com>

> On Jan 8, 2015, at 16:16 , chaals@yandex-team.ru wrote:
> 
> 09.01.2015, 01:52, "Christine Runnegar" <runnegar@isoc.org>:
>> Hi David,
>> 
>> Regarding your query about private browsing modes -
>> 
>> Copying from the summary of the PING meeting in November …
>> 
>> “ … => TAG and private browsing mode
> 
> http://w3ctag.github.io/private-mode/ is the editors' draft.

Thanks

but this draft, and what I described, are almost completely different.  We may need different names.

This draft attempts to achieve privacy by limiting information flow, while not explicitly saying to the servers what it is trying to do.

My suggestion is almost precisely the opposite: ask the server politely to do something for the user, that actually barely impacts its business.


> 
> cheers
> 
>> Mark Nottingham gave an overview of the TAG’s work on browsers “private browsing mode”. The work looks at the mode for three use cases: other users, network attacker, the website itself. The aim is to provide “best class” protection in private browsing mode while not lowering privacy standards outside privacy browsing mode.
>> 
>> The work can be followed on the tag email list [2]. Mark hopes to have a draft ready by the January TAG face-to-face meeting."
>> 
>> [2] www-tag@w3.org"
>> 
>> Christine
>> 
>> On 8 Jan 2015, at 11:39 pm, David Singer <singer@apple.com> wrote:
>>>  I think we might need a consensus definition of what private browsing mode is, and how it affects servers.  We had some offline conversation about it at the workshop.
>>> 
>>>  For example, for some people ‘private browsing’ starts a sandbox that is initialized from the regular browsing context (cookies and all), but that is discarded at the end of the private browsing session.  There’s no need for supercookies to correlate the regular browsing into private browsing, as the cookies are there.  Correlating the other way will simply raise the ire of users if you are not careful, as it would persist state and hence ‘leak’ from the private session back into the general one.
>>> 
>>>  I have some ideas around codifying ‘private browsing mode’ and how to communicate ‘heh, I am trying to be private here!’ to servers.  Is this a topic of interest to others?
>>>>  On Jan 8, 2015, at 12:13 , Rigo Wenning <rigo@w3.org> wrote:
>>>> 
>>>>  Happy New Year!
>>>> 
>>>>  Interesting article about how HTTP Strict Transport Security can be used to
>>>>  circumvent the protections in the private browsing mode. But it seems to be
>>>>  fixed in firefox >34. I don't know about the other browsers.
>>>> 
>>>>  --Rigo
>>>  David Singer
>>>  Manager, Software Standards, Apple Inc.
> 
> --
> Charles McCathie Nevile - web standards - CTO Office, Yandex
> chaals@yandex-team.ru - - - Find more at http://yandex.com

David Singer
Manager, Software Standards, Apple Inc.

Received on Friday, 9 January 2015 00:24:13 UTC