Fwd: some links on private browsing mode text

Lorrie Cranor notes another recent research study from CMU that characterizes private browsing mode usage from direct browsing history observation in addition to self-reported survey data.

> https://www.usenix.org/conference/soups2018/presentation/habib-prying <https://www.usenix.org/conference/soups2018/presentation/habib-prying>
This gets at a range of use cases for private browsing (different threat models and some non-security/non-privacy use cases as well) and concludes that self-reported reasons for using private browsing roughly match data collected from an opt-in observatory model.
—npd

> Begin forwarded message:
> 
> From: Lorrie Cranor
> Subject: Re: some links on private browsing mode text
> Date: December 6, 2018 at 6:15:14 PM PT
> To: Nick Doty <npdoty@ischool.berkeley.edu>
> 
> Hi Nick,
> 
> This might be useful too:
> https://www.usenix.org/conference/soups2018/presentation/habib-prying <https://www.usenix.org/conference/soups2018/presentation/habib-prying>
> 
> Lorrie
> 
> 
>> On Dec 6, 2018, at 9:06 PM, Nick Doty <npdoty@ischool.berkeley.edu <mailto:npdoty@ischool.berkeley.edu>> wrote:
>> 
>> Nice chatting briefly today with you all regarding private browsing modes and what it could be useful to standardize.
>> 
>> In terms of providing some existing resources for use in Pete’s drafting, I referred to this text sketch from Mark Nottingham, from 2016:
>> https://gist.github.com/mnot/96440a5ca74fcf328d23 <https://gist.github.com/mnot/96440a5ca74fcf328d23>
>> 
>> I think the approach of describing different kinds of controls — site data controls, local data controls, network data controls — based on the threat model and response they provide is useful because we might not always see a singular private browsing modal option, and it could be useful feedback for designers of new features to consider the impacts of different kinds of controls. For example, I don’t think any prominent browsers are currently applying network anonymity features in their respective private browsing modes (though Opera is including a VPN with some anonymizing features), but it’s useful to consider how local/private IP addresses can be revealed through Web features, specifically because some users are going to use anonymizing proxies. There might both be a common definition of private browsing mode features and still utility in separating out different kinds of controls that apply to different threats for reference elsewhere.
>> 
>> I hope Mark will be able to join us for a future call, or he might have opinions to share on this text on-list.
>> 
>> 
>> Also, we also had a useful talk/discussion with researchers who had reviewed the common user confusion regarding explanations of private browsing modes back in September.
>> 
>> Minutes: https://www.w3.org/2018/09/10-privacy-minutes.html <https://www.w3.org/2018/09/10-privacy-minutes.html>
>> Paper from WWW 2018: https://www.blaseur.com/papers/www18privatebrowsing.pdf <https://www.blaseur.com/papers/www18privatebrowsing.pdf>
>> Reviewing that discussion reminds me that there was some consideration of standardizing terminology of private browsing modes to try to help address that user confusion, or even to reduce stigma regarding the use of (“shared device mode” rather than “private browsing”).
>> 
>> And regarding signaling to the page, there has also been the suggestion that sites may want to know that a user is in private browsing mode to provide advice to the user or change their functionality to help them with the threat model of a local attacker — that online services that help survivors of domestic violence, for example, might want to detect use of that mode and help explain how to clear browser history and other local data.
>> 
>> —Nick
> 

Received on Friday, 7 December 2018 04:04:08 UTC