W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2016

Re: Proposal to add a browsing context named "_private"

From: Joel Weinberger <jww@chromium.org>
Date: Mon, 11 Jan 2016 23:19:53 +0000
Message-ID: <CAHQV2KnUYGXvrQ73t+UnE53qUDmkKQbdnbuFcY5uSxO0okd31g@mail.gmail.com>
To: Utkarsh Upadhyay <musically.ut@gmail.com>
Cc: timeless@gmail.com, Patrick Toomey <patrick.toomey@github.com>, Richard Barnes <rbarnes@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
They make sense, but I don't find them terribly convincing ;-) I've inlined
some responses below.

On Mon, Jan 11, 2016 at 3:03 PM Utkarsh Upadhyay <musically.ut@gmail.com>

> Thanks for the feedback and the lively discussion!
>  > In any case, I'd like to better understand the use case of when a site
> knows that a link should be opened "privately" and it shouldn't be the
> users choice before we go too far down this path.
> I haven't thought about it exhaustively but have accumulated a few use
> cases from the experience of developing an extension to help users with
> switching to incognito mode.
> First use case was of websites knowing *risky clicks* and providing a
> _safe_ way to make sure that the user doesn't have to clean up after
> himself, i.e. NSFW links on their content. Reddit was an example I provided
> in my original mail but other news sites will probably also find use for it.
It seems like the "right" thing to do is to mark the links as NSFW and let
the user decide if they want them in their browsing history. Heck, some
people might *want* that in their history for many reasons. Why effectively
ban that for users who want it?

> Second use case was being able to give users clearer instructions. An
> example of such a case I recently ran across was here:
> https://support.google.com/accounts/answer/6160500?hl=en
> Relevant part of the page:
> > Sign in to your Google Account on android.com/devicemanager
> <http://www.android.com/devicemanager>. If you're helping a friend with
> their lost device, we recommend opening an incognito tab in Chrome
> <https://support.google.com/chrome/answer/95464> and having them sign in
> to the Google Account they use on their mobile device.
> Such instructions can be simplified by linking to the website with
> target="_private". Other links which may accidentally reveal personal
> information (think direct links to bank account balance page) can also be
> made save by setting target="_private".
The key word in that is "recommend". Again, there may be valid reasons for
a user to *not* go into private browsing.

> Thirdly, and what prompted me to think of this proposal, was that opening
> an incognito window through an extension on Chrome is rather convoluted
> (uses background scripts) and fragile. It may not continue to work, for
> example, when
> https://developer.chrome.com/extensions/manifest/externally_connectable
> is enforced. In any case, the extension requires permissions to access
> _all_ data across _all_ websites, which already should be raising eyebrows.
> I'd rather have this provided by the site + the browser, both of which I
> trust more than a third party plugin.
That sounds more like a feature request for making it easier to get into
private browsing mode. I think Chrome already does that by adding the "open
in incognito" right-click menu item.

> Do these make sense?
> ----
> > This feature would require formalizing these modes, and that seems
> tricky at best, since the user agents are not necessarily providing the
> same guarantees.
> If several browsers are providing independent implementations of features
> which _sound_ similar, isn't this is a good time to standardize it, even if
> it takes a bit of effort?
> ~
> ut
Received on Monday, 11 January 2016 23:20:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC