W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Proposal to add a browsing context named "_private"

From: Utkarsh Upadhyay <musically.ut@gmail.com>
Date: Tue, 12 Jan 2016 00:02:59 +0100
Message-ID: <CALh3q9zLTVPXBDJnZn7VskANnVWR0O4MuZg37x1rJ7dHg29UGA@mail.gmail.com>
To: Joel Weinberger <jww@chromium.org>
Cc: timeless@gmail.com, Patrick Toomey <patrick.toomey@github.com>, Richard Barnes <rbarnes@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
Thanks for the feedback and the lively discussion!

 > In any case, I'd like to better understand the use case of when a site
knows that a link should be opened "privately" and it shouldn't be the
users choice before we go too far down this path.

I haven't thought about it exhaustively but have accumulated a few use
cases from the experience of developing an extension to help users with
switching to incognito mode.

First use case was of websites knowing *risky clicks* and providing a
_safe_ way to make sure that the user doesn't have to clean up after
himself, i.e. NSFW links on their content. Reddit was an example I provided
in my original mail but other news sites will probably also find use for it.

Second use case was being able to give users clearer instructions. An
example of such a case I recently ran across was here:
https://support.google.com/accounts/answer/6160500?hl=en

Relevant part of the page:

> Sign in to your Google Account on android.com/devicemanager
<http://www.android.com/devicemanager>. If you're helping a friend with
their lost device, we recommend opening an incognito tab in Chrome
<https://support.google.com/chrome/answer/95464> and having them sign in to
the Google Account they use on their mobile device.

Such instructions can be simplified by linking to the website with
target="_private". Other links which may accidentally reveal personal
information (think direct links to bank account balance page) can also be
made save by setting target="_private".

Thirdly, and what prompted me to think of this proposal, was that opening
an incognito window through an extension on Chrome is rather convoluted
(uses background scripts) and fragile. It may not continue to work, for
example, when
https://developer.chrome.com/extensions/manifest/externally_connectable is
enforced. In any case, the extension requires permissions to access _all_
data across _all_ websites, which already should be raising eyebrows. I'd
rather have this provided by the site + the browser, both of which I trust
more than a third party plugin.

Do these make sense?

----

> This feature would require formalizing these modes, and that seems tricky
at best, since the user agents are not necessarily providing the same
guarantees.

If several browsers are providing independent implementations of features
which _sound_ similar, isn't this is a good time to standardize it, even if
it takes a bit of effort?


~
ut
Received on Monday, 11 January 2016 23:03:47 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:17 UTC