W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Automatic private browsing upgrades

From: Richard Barnes <rbarnes@mozilla.com>
Date: Thu, 3 Sep 2015 11:25:41 -0400
Message-ID: <CAOAcki9CqkuCe1wePw7iReP_PLSiKhy1uRa7tFeSSvNJg5eSTA@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, François Légaré <flegare@gmail.com>
On Wed, Sep 2, 2015 at 11:58 PM, Francois Marier <francois@mozilla.com>
wrote:

> I'd like to propose something that was suggested by François Légaré on
> the W3C Privacy list [1].
>
> The short description of it is: a mechanism for an author to tell the
> browser that their site should only be viewed in Private Browsing /
> incognito mode.
>

Well, this immediately runs into the problem that there's no specification
of what Private Browsing / Incognito mode actually does.  Even when it
comes to basic things like cookie lifetime, there are different behaviors
among browsers.  There has been some effort to clean this up, but AFAIK,
not much progress.



> The long description (with mock-ups) is here:
> https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades
>
> The above is a draft intended to start a discussion, but the main things
> I'm wondering about are:
>
> - Does it fit within our working group charter?
> - Is CSP the right delivery mechanism?
> - Should this be rolled into the clear-site-data spec instead?
>

I feel like there are several current proposals dancing around a common
concept:

- Auto-PBM
- Clear site data
- Suborigins

(This also relates the the Containers work that's going on in Firefox right
now.
https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers)

All of these things relate to the origin security model being too loose,
either in space (suborigins) or time (clear-site-data, auto-PBM).  Some of
them (containers, auto-PBM) also carry along a notion that whatever
constraints on the origin model are applied to the top-level site should
also be transitively applied to its dependencies.

I would rather we get this overall concept right than chase after these
point solutions.

--Richard



> Francois
>
> [1]
> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0087.html
>
>
Received on Thursday, 3 September 2015 15:26:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC