Re: Request-Off-The-Record Mode header

On Sun, 11 Jun 2023 at 17:04, Ángel <angel@16bits.net> wrote:

> On 2023-06-08 at 14:51 -0700, David Schinazi wrote:
> > This sounds very useful for the domestic violence resources use case,
> > but at the same time I could imagine malware websites abusing it to
> > erase traces of how a machine got infected. Would it be possible to
> > get user consent per origin for this?
> > David
>
> You shouldn't be able to *store* such user content (as that would spoil
> the intent), but I like the idea of an origin popping up a browser
> request asking whether to treat it as an Incognito/Private, rather than
> the website "knowing better than the user" and bypassing the browser
> features by its own volition.
>
> While not mentioned explicitly in the initial message, this already
> seems to be the way the feature works in Brave.
>

Right! The default mode is Ask, which means the user will get prompted for
consent if the website requests Off-The-Record mode. The user can also set
it to be Allow or Deny in settings or from the prompt.

>
>
> Shivan, it would be interesting if you could share a website or test
> domain for which that feature is enabled in your browser.
>

It would be any of the websites at
https://github.com/brave/adblock-lists/blob/master/brave-lists/request-otr.json,
one example is https://www.loveisrespect.org/. These should work on Brave
Nightly.

Received on Monday, 12 June 2023 06:46:39 UTC