W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Automatic private browsing upgrades

From: Francois Marier <francois@mozilla.com>
Date: Tue, 15 Sep 2015 21:33:30 -0700
Message-ID: <55F8F11A.5070301@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 14/09/15 01:34 AM, Mike West wrote:
> I agree with this analysis. That said, what is the intended scope of the
> feature? That is, I imagine that the site the user lands on is only half
> the story: they almost certainly got to that site via a series of
> suspicious searches, links, etc.

That's an excellent point. These anti-abuse sites would most likely want
to help users get rid of these traces as well.

> Would we need to offer a "Clear the last X minutes of browsing history!"
> feature to websites?

It would probably need to be part of the solution, yes.

I can imagine a user agent prompting the user with something like:

    The site example.com suggests that you open it in a new
    (private|incognito) window. Would you like to do so and<
    erase the last 5 minutes of web browsing?

                                            [Yes] [No]

Of course, there are lots of details to figure out, but it seems like we
could reuse the Ctrl+Shift+Del way of deleting history+cache from the
past hour that both Chrome and Firefox have.

It does feel like a different mechanism (and certainly implementation)
from the clear-site-data spec, but very similar in spirit. Mike, is that
something you'd prefer to explore in a different spec?

Francois
Received on Wednesday, 16 September 2015 04:34:00 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC