[w3c/browser-payment-api] Add Guidance Text for Incognito Mode (#230)

This is a recommendation from the Security and Privacy Checklist review. See https://docs.google.com/document/d/1w7ginyzNg-xZUmITK4vzcGUKB4gbMOAvlkWWaRtX14k/edit?usp=sharing for additional detail.

When operating in an “incognito” mode, we would expect the Payment Request API to remain available; however, we recommend that any such persistent permission be ignored in such a mode (otherwise, websites with such persistent permission would be able to identify users via their payment details). The user agent would still make stored user information available -- similar to how the web browser assists in filling out form information even when incognito; however, such information would be inaccessible to the merchant web site until submitted by the user. Assistance is expected, automation is not.

When operating in incognito mode, it is probably also advisable to take additional steps, possibly at the expense of usability, to frustrate attempts to determine whether the user has registered payment apps that support specific payment methods. For example, always prompting the user when a payment request is made, even if there are no matching payment apps available, may serve such a purpose. Note, however, that this would need careful consideration, as web sites might determine from such behavior that the user is browsing in an incognito context.

When the Payment Request API is invoked in an incognito context, we suggest that any web-based payment apps also be invoked in an incognito context. This will generally prevent such sites from accessing any previously-stored information; this, in turn, will require users to either log in to the payment app or re-enter payment instrument details.

The Payment Request API specification should thus include discussion on browser behavior in incognito mode.

---
https://github.com/w3c/browser-payment-api/issues/230

Received on Wednesday, 10 August 2016 20:20:07 UTC