Re: "Incognito Mode" Feedback on "Self-Review Questionnaire: Security and Privacy"

Le 28/09/2016 à 21:20, Mike West a écrit :
 > +public-privacy@, who have been thinking along similar lines.
 >
 > -mike
 >
 > On Wed, Sep 28, 2016 at 8:23 PM, Ian Jacobs <ij@w3.org
 > <mailto:ij@w3.org>> wrote:
[...]
 >     2) The second is more substantive: because there is no standard
 >     behavior among browsers for
 >          a private browsing mode, we did not feel we could offer
 >     standard guidance to developers
 >          on how to manage payment app behavior in such a mode.
 >
 >     Further clarity in the questionnaire would help us determine what,
 >     if anything, to add
 >     to our specification.

I do not know whether the Web Payments WG saw that document already but, 
when we looked into "Private Browsing mode" for the Presentation API in 
the Second Screen WG, Travis pointed us to Mark Nottingham's "User data 
Controls in Web Browsers" proto-spec:

https://gist.github.com/mnot/96440a5ca74fcf328d23#user-data-controls-in-web-browsers

This document provides guidance on how to reason about and specify 
interactions with User Data Controls. I think it is well worth a read 
when one needs to assess potential privacy issues.

The privacy and security questionnaire could perhaps reference that 
document, or include it, to clarify what the notion of private browsing 
mode typically conveys ("primarily a local data control", often a "site 
data control" as well).

Francois.

Received on Thursday, 29 September 2016 07:48:56 UTC