Re: Automatic private browsing upgrades

On Wed, Sep 2, 2015 at 11:58 PM, Francois Marier <francois@mozilla.com>
wrote:

> I'd like to propose something that was suggested by François Légaré on
> the W3C Privacy list [1].
>
> The short description of it is: a mechanism for an author to tell the
> browser that their site should only be viewed in Private Browsing /
> incognito mode.
>

Well, this immediately runs into the problem that there's no specification
of what Private Browsing / Incognito mode actually does.  Even when it
comes to basic things like cookie lifetime, there are different behaviors
among browsers.  There has been some effort to clean this up, but AFAIK,
not much progress.



> The long description (with mock-ups) is here:
> https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades
>
> The above is a draft intended to start a discussion, but the main things
> I'm wondering about are:
>
> - Does it fit within our working group charter?
> - Is CSP the right delivery mechanism?
> - Should this be rolled into the clear-site-data spec instead?
>

I feel like there are several current proposals dancing around a common
concept:

- Auto-PBM
- Clear site data
- Suborigins

(This also relates to the Containers work that's going on in Firefox right
now.
https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers)

All of these things relate to the origin security model being too loose,
either in space (suborigins) or time (clear-site-data, auto-PBM).  Some of
them (containers, auto-PBM) also carry along a notion that whatever
constraints on the origin model are applied to the top-level site should
also be transitively applied to its dependencies.

I would rather we get this overall concept right than chase after these
point solutions.

--Richard



> Francois
>
> [1]
> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0087.html
>
>

Received on Thursday, 3 September 2015 15:26:09 UTC