w3ctag / private-mode Goto Github PK

Should private sessions be able to access cookies, etc. from "normal" browsing mode?

Some people currently browse in private mode by default. Some parts of this spec will make doing so more "in your face" / "chatty", which may cause them to stop using private by default.

Discuss.

There are currently a number of constraints on the form of an HTTP request.

Is this level of precision for HTTP requests necessary? It doesn't completely address HTTP
fingerprinting, and could be a major implementation pain.

Needs implementer feedback.

... are state, and it might be better to persist them between sessions.

Discussed on call 2 Nov https://github.com/w3ctag/meetings/blob/gh-pages/2015/telcons/12-02-agenda.md - presentation API people wondering what's going on with it. Some possible evidence of demand?

Browsers in private mode must not log information about the browsing session.

What does this mean, precisely?

TBD: history, fonts, introspection, geolocation, keypress, window, WebStorage, etc.

The concept of a private browsing "session" and "terminating" it aren't well-defined.

Disallow completely, or constrain?

How should they be handled? Integrated vs. extension doesn't seem to make a difference.

Some extensions (Flash, in particular) are extremely dangerous since they provide means to identify user (Flash cookie) AND at the same time user needs them to be enabled (to play video). Probably, we should talk about enabling private mode in plugins/extensions too?

Tracking issue

Fingerprinting

• http://www.chromium.org/Home/chromium-security/client-identification-mechanisms
• https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
• https://www.browserleaks.com
• https://panopticlick.eff.org/index.php?action=log&js=yes

Side Channel Attacks

• http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf
• http://freehaven.net/anonbib/cache/LZCLCP_NDSS11.pdf

... needs discussion / refinement.

... needs to be filled out.

This needs to cover trust issues around configuring proxies; they can be useful (e.g., for Tor) or harmful.

Many extensions and browser settings are driven by the user; they are not "state" as set by the site.

Some of it falls into a grey area -- e.g., HSTS information (#10), password managers (#2).

How should this be handled? The spec needs to be a lot crisper here...