Comments (8)
Different user agents conceive of Incognito mode/private mode in different ways and enable different features. I'm not sure it makes sense to try to dictate a reaction to such a mode at the level of this specification. Can we discuss in the next PrivacyCG?
from gpc-spec.
Some brief notes from the perspective of the meeting about things to add to address this:
Context matters, browsers understand what people want, they try very hard to interpret and there needs to be flexibility on defaults and activation at the browser level. Should make it clear that GPC default settings are based on the user agent or extensions' understanding of how they anticipate their audience behaves. Browser modes' alteration of user state in this signal should be considered based on the accompanying messaging to the browser users. Add in as deeper context around how to make the decisions and expectations. Maybe also an explainer for how this has worked and resources from legal decisions, regulator statements, etc.
How browsers interpret user intent or anticipate user expectations is a bit of a science and a bit of an art, but I think that this conclusion is right. We plan to clearly document our rationale for how we interpret various signals and use those to decide to turn GPC on or off. We're happy to share that.
I'm taking a stab at flexibility for this here: #39
It's not fully answering your question but makes it clear the door is at least open to it.
> Does this make it impossible to default to enabling GPC in private browsing modes, only with appropriate interface affordances, or only in some jurisdictions?
The answer to these questions depends on the laws and regulations in a particular jurisdiction. For example, per the CCPA, a consumer’s choice of using privacy-preserving browsers or other tools is considered a sufficiently deliberate act that is interpreted as a consumer expression of a preference to not have personal information sold or shared:
> The consumer exercises their choice by affirmatively choosing the privacy control [...] including when utilizing privacy-by-design products or services.

Maybe, in other cases, turning on a privacy mode of a "normal" product or service is sufficient to also turn on GPC by default in this mode.
To leave this flexibility we may want to take out section 5.1.
(None of this is legal advice, just my personal understanding. Ask Mozilla counsel before acting on any of this, etc.)
I think it depends on what you mean by obligations on the browser. I don't believe that the browser incurs any legal obligation from GPC in any jurisdiction that I'm aware of. A browser that wishes to make GPC legally effective may in some jurisdictions need to do more than just send the header. However, in every existing jurisdiction that I am aware of, I believe that turning on Private Browsing would be more than enough to meet even a pessimistic interpretation of the law.
I agree with you that there is a risk that privacy labour could be transferred to people; however, I believe that it can be minimised. Again, check with counsel, but I believe that at worst showing a "Do you want to sell your data?" prompt at first launch ought to be sufficient.
> showing a "Do you want to sell your data?" prompt
A bit of an aside, we tested a UI mockup in an upcoming PETS paper to get a sense of whether people understand GPC (81%) and how many would turn it on (94%). Here is the UI we tested (and some more intricate UI tests are in progress ...):
I would like to say that this is out of scope for the specification and up to the implementer. Browser vendors / extension developers have a better understanding of their users' intent in private/incognito mode than the spec writers and arguably user intent is not consistent across every browser. Different browsers provide different messaging on activation of clean-state browser modes and the activation of GPC in those modes may make sense based on one browser's messaging but not on another and in some cases it may even make sense to present it as an option on activation of that mode, as @darobin suggests. I do not think we need language in the spec to address this.