Re: [PING] ad hoc private browsing mode call - summary

Hi Mike and Mark,

Just to follow up / suggest another practical place where a “high privacy” mode would be useful.

The upcoming Web Payments API currently defines / describes some mitigation strategies user agents might use to avoid some fingerprinting surface[1].  But there are many suggestions, and client behavior is not specified when the user agent is “applying heuristics to detect and prevent abuse”.  Being able to have a subsection saying “when user has indicated a preference for higher privacy / is operating in ‘high privacy’ mode, the `canMakePayment` method will do X”, instead of a list of possibly mutually exclusive options (the worst web compatibility scenario, and the least pleasant for web authors).

Hopefully that example describes my goals better, and that this Web Payments API issue is a better motivating case. (And better distinguishes this project from Mark's interesting, but distinct, prior proposal.)

Best!
Pete



Refs
—
1. https://www.w3.org/TR/payment-request/#canmakepayment-method

> On Feb 25, 2019, at 4:28 PM, Pete Snyder <psnyder@brave.com> wrote:
> 
> Thanks again Mike and Mark,
> 
> I have no disagreement with any of the above, except the slight worry that increasing the scope of the document will invite the kind of dimensionality concerns (privacy sliders and similar) that will end up killing the goal of the effort (improve web compatibility by making a second, common target web authors can target when users are operating in a “I want more privacy” mode).
> 
> If folks agree to stick to the “yes / no” I'm in more-privacy-mode binary categories though, I have no beef at all with expanding the document in the way Mike suggests :)
> 
> Pete
> 
>> On Feb 25, 2019, at 3:13 PM, Mark Nottingham <mnot@mnot.net> wrote:
>> 
>> 
>> 
>>> On 25 Feb 2019, at 8:26 pm, Mike West <mkwst@google.com> wrote:
>>> 
>>> 1.  Privacy with regard to data stored on a user's local machine (caches, DOM storage, history information, MotW, etc).
>>> 
>>> 2.  Privacy with regard to the browser's interaction with websites (cookies, fingerprinting, web APIs, etc).
>>> 
>>> 3.  Privacy with regard to the browser's non-webby features, especially those that make use of users' data (e.g. address bar integrations, telemetry engines, ad networks, safe browsing, payment systems, password managers, etc).
>>> 
>>> I hope that the group wouldn't limit itself to the second of these when defining "privacy mode". It seems like folks can reasonably make tradeoffs in all three categories (and, really, there might be more categories I'm not thinking of!).
>> 
>> +1. My gist drafty-thing talked about #1, #2 and an additional case - privacy from network observers. #3 is a good one too, but its relationship to standards is always going to be tricky.
>> 
>> Cheers,
>> 
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
> 

Received on Tuesday, 5 March 2019 05:06:41 UTC