"Incognito Mode" Feedback on "Self-Review Questionnaire: Security and Privacy" from Ian Jacobs on 2016-09-28 (www-tag@w3.org from September 2016)

From: Ian Jacobs <ij@w3.org>
Date: Wed, 28 Sep 2016 13:23:28 -0500
To: www-tag@w3.org
Message-Id: <1FEDEA99-D6AB-43A3-8366-D3E5958F25BE@w3.org>

Dear TAG,

In the Web Payments Working Group, a task force reviewed some of our specifications using
the checklist "Self-Review Questionnaire: Security and Privacy." Section 3.14 [1] refers to
considerations when in “incognito mode.” We have two comments based on our experience.

1) The first is editorial: “Incognito Mode” is specific to Google. Although the term appears in quotes,
   our feedback is that the checklist should probably use a generic term such as “private browsing
   mode.”

2) The second is more substantive: because there is no standard behavior among browsers for
     a private browsing mode, we did not feel we could offer standard guidance to developers
     on how to manage payment app behavior in such a mode.

Further clarity in the questionnaire would help us determine what, if anything, to add
to our specification.

Thank you,

Adam Roach (Mozilla) and Ian Jacobs (W3C)

[1] https://www.w3.org/TR/security-privacy-questionnaire/#incognito

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Wednesday, 28 September 2016 18:23:31 UTC