W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Proposal to add a browsing context named "_private"

From: Utkarsh Upadhyay <musically.ut@gmail.com>
Date: Mon, 11 Jan 2016 14:45:32 +0100
Message-ID: <CALh3q9w_6YvSH4AQp5CLQALkLQ3Zyh2o6BpLWmFx1wwyJV3VuA@mail.gmail.com>
To: public-webappsec@w3.org
Hi all,

Most browsers now have a private browsing mode, which offer similar
features, i.e. browsing history is not recorded, cookies are not saved,
localstorage is flushed when the context ends, and some other forms of
isolation.

I think it would make sense to formalize such a browsing context and allow
a webpage to specify that the "target" for an <a> link is "_private", so
that the page opens in private mode. I can imagine several use-cases for
this, ranging from aggregator sites offering a privacy preserving browsing
mode to developers using it for maintaining two sessions on apps they are
developing. For example, Reddit may offer a mode in which all NSFW links
automatically open in private mode. Several browser extensions/addons
(including one by me) have been developed to "work-around" this problem and
I think that the browser itself is the best place to remedy the issue.

Does this make sense or are there better alternatives/previous proposals
which deal with this?

I had initially posted this here: https://github.com/whatwg/html/issues/493
and Anne recommended running it by this mailling list to see if there is
any interest in it.

Thanks!

~
ut
Received on Monday, 11 January 2016 21:34:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC