Automatic private browsing upgrades from Francois Marier on 2015-09-03 (public-webappsec@w3.org from September 2015)

From: Francois Marier <francois@mozilla.com>
Date: Wed, 02 Sep 2015 20:58:00 -0700
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
CC: François Légaré <flegare@gmail.com>
Message-ID: <55E7C548.1070500@mozilla.com>

I'd like to propose something that was suggested by François Légaré on
the W3C Privacy list [1].

The short description of it is: a mechanism for an author to tell the
browser that their site should only be viewed in Private Browsing /
incognito mode.

The long description (with mock-ups) is here:
https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades

The above is a draft intended to start a discussion, but the main things
I'm wondering about are:

- Does it fit within our working group charter?
- Is CSP the right delivery mechanism?
- Should this be rolled into the clear-site-data spec instead?

Francois

[1] https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0087.html

Received on Thursday, 3 September 2015 03:58:30 UTC