Re: Proposal to add a browsing context named "_private" from Patrick Toomey on 2016-01-11 (public-webappsec@w3.org from January 2016)

From: Patrick Toomey <patrick.toomey@github.com>
Date: Mon, 11 Jan 2016 22:12:44 +0000
To: Richard Barnes <rbarnes@mozilla.com>, Utkarsh Upadhyay <musically.ut@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAN4Q8dDzA09bcbPO7fZAQ5vut9VBZ89h5k96t+Ok8HZqJ+NmHg@mail.gmail.com>

I don't dislike the idea, but I wonder if it is as trivial as it seems. For
example, do any browsers currently support a per-window private mode? With
Chrome, it seems like the current implementation supports two contexts,
incognito and non-incognito. For example, let's say I do the following:

* open a private mode window with "New incognito window"
* visit a site (say www.somesite.com)
* login

If I then go back to my non-incognito window and open a new private mode
window using "New incognito window", the new window seems to have the same
context as my first incognito window. If I go back to www.somesite.com, my
cookies are shared and I am currently logged in.

It seems as though, if one is going to allow a third-party site to initiate
opening of a private-mode window, it might be better to force a new
browsing context, with nothing shared with any existing private mode
windows. That sounds doable, and possibly even trivial. But, it does seem
like those kinds of things would have to be more fully fleshed out.

On Mon, Jan 11, 2016 at 3:01 PM Richard Barnes <rbarnes@mozilla.com> wrote:

> This seems like an OK idea.  It certainly seems better-formed than
> previous approaches.  As Utkarsh points out, there are already addons that
> support this feature, and Firefox and Chrome both have "Open in new private
> window" if you right-click.
>
> On Mon, Jan 11, 2016 at 5:45 AM, Utkarsh Upadhyay <musically.ut@gmail.com>
> wrote:
>
>> Hi all,
>>
>> Most browsers now have a private browsing mode, which offer similar
>> features, i.e. browsing history is not recorded, cookies are not saved,
>> localstorage is flushed when the context ends, and some other forms of
>> isolation.
>>
>> I think it would make sense to formalize such a browsing context and
>> allow a webpage to specify that the "target" for an <a> link is "_private",
>> so that the page opens in private mode. I can imagine several use-cases for
>> this, ranging from aggregator sites offering a privacy preserving browsing
>> mode to developers using it for maintaining two sessions on apps they are
>> developing. For example, Reddit may offer a mode in which all NSFW links
>> automatically open in private mode. Several browser extensions/addons
>> (including one by me) have been developed to "work-around" this problem and
>> I think that the browser itself is the best place to remedy the issue.
>>
>> Does this make sense or are there better alternatives/previous proposals
>> which deal with this?
>>
>> I had initially posted this here:
>> https://github.com/whatwg/html/issues/493 and Anne recommended running
>> it by this mailling list to see if there is any interest in it.
>>
>> Thanks!
>>
>> ~
>> ut
>>
>
>

Received on Monday, 11 January 2016 22:13:24 UTC