RE: Super Cookies in Privacy Browsing mode from Mike O'Neill on 2015-01-10 (public-privacy@w3.org from January to March 2015)

From: Mike O'Neill <michael.oneill@baycloud.com>
Date: Sat, 10 Jan 2015 12:00:39 -0000
To: "'David Singer'" <singer@apple.com>, "'W3C Privacy IG'" <public-privacy@w3.org>
Message-ID: <2bac01d02ccd$149521a0$3dbf64e0$@baycloud.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David,

I am definitely interested in these ideas, can you give a summary?

Mike

> -----Original Message-----
> From: David Singer [mailto:singer@apple.com]
> Sent: 08 January 2015 22:40
> To: W3C Privacy IG
> Subject: Re: Super Cookies in Privacy Browsing mode
> 
> I think we might need a consensus definition of what private browsing mode is,
> and how it affects servers.  We had some offline conversation about it at the
> workshop.
> 
> For example, for some people ‘private browsing’ starts a sandbox that is
> initialized from the regular browsing context (cookies and all), but that is
> discarded at the end of the private browsing session.  There’s no need for
> supercookies to correlate the regular browsing into private browsing, as the
> cookies are there.  Correlating the other way will simply raise the ire of users if
> you are not careful, as it would persist state and hence ‘leak’ from the private
> session back into the general one.
> 
> I have some ideas around codifying ‘private browsing mode’ and how to
> communicate ‘heh, I am trying to be private here!’ to servers.  Is this a topic of
> interest to others?
> 
> > On Jan 8, 2015, at 12:13 , Rigo Wenning <rigo@w3.org> wrote:
> >
> > Happy New Year!
> >
> > Interesting article about how HTTP Strict Transport Security can be used to
> > circumvent the protections in the private browsing mode. But it seems to be
> > fixed in firefox >34. I don't know about the other browsers.
> >
> > --Rigo
> 
> David Singer
> Manager, Software Standards, Apple Inc.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using gpg4o v3.4.19.5391 - http://www.gpg4o.com/
Charset: utf-8

iQEcBAEBAgAGBQJUsRRmAAoJEHMxUy4uXm2JqTAIAJreaMJcmw816tTzFmicavEm
onX1WFTeDdYlMwcrWOZJ6C0hff3lWG0fK5i3qK7AgmYuw8MQVC651eJuZ8v1CARZ
9UHj36jPuzmw0TkdVPZPoxFF+25VUBV+vgENppvADxPLg02Y78F9EDhG2iAAPokP
s2XMCcKjTDxBvkAlWVYG1zsYbAI1Rcy4ZeW/ceNyO1vYRbYPdGuHSj/z/kCuSRdO
LY0vmwUH5kYkttleM5030wJvuiZoOZiniy4wSI6VvM/npsdKlNA/P1enyQyKBfE+
g3J2nJeLKr7Tdqx3uS+6KMTDCdbDVay6bQuv7yLSBsScNMc+Kp6BIixJ6tjnCE8=
=4ICH
-----END PGP SIGNATURE-----

Received on Saturday, 10 January 2015 12:01:37 UTC