Re: [w3ctag/spec-reviews] Privacy Mode (#101)

The Web Payment API's review feedback for our question on incognito mode, and follow-up discussion.

https://lists.w3.org/Archives/Public/public-payments-wg/2016Jul/att-0013/WebpaymentsAPISecurityandPrivacyChecklist.pdf

>> 3.14 How should this specification work in the context of a user agent’s "incognito" mode? 

> We anticipate that user agents will offer users the ability to grant specific web sites persistent permission to access payment information. This will facilitate user experiences such as “one click” product ordering and automated micropayments. 

> Recommendation

> When operating in an “incognito” mode, we would expect the Payment Request API to remain available; however, we recommend that any such persistent permission be ignored in such a mode (otherwise, websites with such persistent permission would be able to identify users via their payment details). The user agent would still make stored user information available -- similar to how the web browser assists in filling out form information even when incognito; however, such information would be inaccessible to the merchant web site until submitted by the user. Assistance is expected, automation is not.

> When operating in incognito mode, it is probably also advisable to take additional steps, possibly at the expense of usability, to frustrate attempts to determine whether the user has registered payment apps that support specific payment methods. For example, always prompting the user when a payment request is made, even if there are no matching payment apps available, may serve such a purpose. Note, however, that this would need careful consideration, as web sites might determine from such behavior that the user is browsing in an incognito context.

> When the Payment Request API is invoked in an incognito context, we suggest that any web-based payment apps also be invoked in an incognito context. This will generally prevent such sites from accessing any previously-stored information; this, in turn, will require users to either log in to the payment app or re-enter payment instrument details.

> The Payment Request API specification should thus include discussion on browser behavior in incognito mode.

From: http://www.w3.org/2016/07/07-wpwg-minutes#item07

> 3.14 How should this specification work in the context of a user agent’s "incognito" mode?
AdamR: We think the api should work in incognito mode
... but since we've talked about the ability to grant permission to get a 1-click experience
... obviously that has some privacy implications especially in incognito mode
... the recommendation is that the stored information be available but to suggest user confirmation (e.g., that you will be unmasked from incognito mode)
[Review of existing incognito mode]
NickS: Apple Pay - We don't disclose information to the site that payment methods are available when in incognito mode
zkoch: I think the best model we have here is autofill...you still have the information you had, but we don't save NEW information
... I think what NickS says is about third party apps...and I agree we need to think hard about incognito mode
adamR: Sites should not be able to easily know that a user is operating in incognito mode
... there may also be ways to figure out what's going on (e.g., time required for a promise to return)
... we also recommend that the web payment app operates in incognito mode as well
... we recommend that text be brought into the payment request API spec
... in some form
`<ShaneM>` is there a generic term for "incognito mode" that is used in the W3C specs
(I don't know)
danielappelquist: There is no standard definition of a private browsing mode
... we wonder whether there should be such a definition
`<ShaneM>` hey wendy - have your groups define that for us, would you?
3.16 Does this specification have a "Security Considerations" and "Privacy Considerations" section?
AdamR: We think all the docs should have privacy/security considerations sections
... we do call out that the PMI spec should point to the security section of the URI spec
... so we need to augment privacy/security sections of the docs larger
<dka> TAG open issue on private modes: https://github.com/w3ctag/spec-reviews/issues/101 (just FYI)


Received on Wednesday, 2 November 2016 03:42:18 UTC