W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Proposal to add a browsing context named "_private"

From: timeless <timeless@gmail.com>
Date: Mon, 11 Jan 2016 17:19:44 -0500
Message-ID: <CAAKMeYj7e_F06W+StDNSavT6b5OcDOT7_EvRZ1o-VH6SH3Ssvw@mail.gmail.com>
To: Patrick Toomey <patrick.toomey@github.com>
Cc: Richard Barnes <rbarnes@mozilla.com>, Utkarsh Upadhyay <musically.ut@gmail.com>, WebAppSec WG <public-webappsec@w3.org>
On Mon, Jan 11, 2016 at 5:12 PM, Patrick Toomey
<patrick.toomey@github.com> wrote:
> I don't dislike the idea, but I wonder if it is as trivial as it seems. For
> example, do any browsers currently support a per-window private mode?

I believe Chrome is pretty close to being able to do it, since afaict,
it supports multiple active user profiles.

> With
> Chrome, it seems like the current implementation supports two contexts,
> incognito and non-incognito. For example, let's say I do the following:
>
> * open a private mode window with "New incognito window"
> * visit a site (say www.somesite.com)
> * login
>
> If I then go back to my non-incognito window and open a new private mode
> window using "New incognito window", the new window seems to have the same
> context as my first incognito window. If I go back to www.somesite.com, my
> cookies are shared and I am currently logged in.

Yeah, the current system means that an evil site could figure out that
you're using incognito and link the two (normal, incognito) if we
don't do what you propose. Although, technically most sites could just
assume that two clients w/ the same ip and general browser shape are
probably the same even if credentials don't match...

> It seems as though, if one is going to allow a third-party site to initiate
> opening of a private-mode window, it might be better to force a new browsing
> context, with nothing shared with any existing private mode windows. That
> sounds doable, and possibly even trivial. But, it does seem like those kinds
> of things would have to be more fully fleshed out.


The UX will not be fun to design. Because you then have to explain
visually to a user that this private window isn't connected to that
private window.

I'm not opposed to this feature, just warning about the problems that
it entails...
Received on Monday, 11 January 2016 22:20:12 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC