Re: [PING] ad hoc private browsing mode call - summary

Snipping aggressively to get to a piece that I think is important. Happy to
continue chatting about anything I cut, but I don't think we're
diametrically opposed on any of it. :)

On Fri, Feb 22, 2019 at 8:22 PM Pete Snyder <psnyder@brave.com> wrote:

> The common goal in these changes is to increase the privacy of browsing on
> the web _between the server(s) and the client_, and at a high level aiming
> for the goal of websites not being able to identify the user without the
> user’s intent.


This framing feels too narrow, and I hope that the group can produce a
document that speaks to this class of privacy threats _as well as_ other
classes. Backing up a bit, it seems like there are three large groups of
threats:

1.  Privacy with regard to data stored on a user's local machine (caches,
DOM storage, history information, MotW, etc).

2.  Privacy with regard to the browser's interaction with websites
(cookies, fingerprinting, web APIs, etc).

3.  Privacy with regard to the browser's non-webby features, especially
those that make use of users' data (e.g. address bar integrations,
telemetry engines, ad networks, safe browsing, payment systems, password
managers, etc).

I hope that the group wouldn't limit itself to the second of these when
defining "privacy mode". It seems like folks can reasonably make tradeoffs
in all three categories (and, really, there might be more categories I'm
not thinking of!).

-mike

Received on Monday, 25 February 2019 09:27:03 UTC