New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Privacy Mode #101
Comments
Some thoughts forming here, feedback appreciated: |
A few thoughts: Some issues that may or may not be worth mentioning:
I think the "network data controls" section is particularly vague; it could definitely use examples. I think there are a few places where the terms "(site/local/network) data controls" are crossed (e.g., at the end of the Site Data Controls section, and maybe in the Appendix). I wonder whether the "Should my feature..." section should differentiate better between the password case and the cookie case I mentioned above. Also, in the same section, what sort of interaction with user data controls should features that aren't compatible with Privileged Contexts define? |
I think content blocking is out of scope for this document, based on the definition of 'user data'. User interaction as a way to distinguish types of data is useful; will try to work it in. Thanks! |
FYI @mnot some discussion here at the web payment wg f2f, in the response to the response to the security & privacy self-review, on desirable behavior when the user is in "incognito mode". Underscores the potential need for some kind of standard definition of what a browser private mode is... |
discussed at the Stockholm f2f... adding @torgo to this. |
The Web Payment API's review feedback for our question on incognito mode, and follow-up discussion.
From: http://www.w3.org/2016/07/07-wpwg-minutes#item07
|
And here's the actual question in the security questionnaire: So... wondering if we can rephrase this question or drop it? What is it really asking? |
Discussed at Tokyo F2F. @dbaron agreed to do some additional polling of browser vendors to ask about what would be useful here. |
Discussed at the F2F in Boston: https://pad.w3ctag.org/p/2017-02-08-minutes.md Action: @dbaron to research specs that would like dependencies on or a different behaviour in a privacy mode; @hadleybeeman to prepare draft blog post and return to the TAG for review. |
Discussed in Tokyo F2F with special guest @tagawa. Notes here: https://pad.w3ctag.org/p/2017-04-28-minutes.md |
Some agreement that we should continue work on a document - need to figure out where that could live. Hadley to report back on 5-16. |
@hadleybeeman working on a blog post. |
👍 Let me know if you need any input or proofreading for that. |
Would be happy to help, and incorporate the suggested (not yet 'proposed') way to signal to servers "hey, I am trying to be somewhat private here!" |
Seems like |
Discussed at London f2f. |
(Is this the right thread?) In connection with Private Browsing Mode, we have suggested
|
Just updating this at our TAG face-to-face in Paris, since the topic came up in multiple places at TPAC last week. At WebAppSec's meeting on Tuesday, @wanderview stated that Web Platform WG had wanted a normative private browsing spec to reference when designing their own features. It looks like W3C and WebAppSec are looking at creating a privacy working group. (pinging @wseltzer @mikewest to fill in any gaps there) Also, PiNG met on Friday, and discussed whether private browsing is best addressed with normative specs (which would need a working group. Options include rechartering/expanding WebAppSec or creating that privacy working group) or non-normative notes and requirements, which could be done from an interest group or community group. @samuelweiler and @snyderp were going to investigate those. To all tagged here, please let us know if/how we can help! |
@samuelweiler sorry to pull on your patience again, but whats the best way forward here. Can you point me in the right direction? (promise I'll kick the training wheels off soon) |
Also of interest https://github.com/w3ctag/private-mode |
Discussed during telecon on 15.01.19. We're not standardising it this week. |
Breakout session for the f2f. |
Hi all, @lknik is working on text for a possible new TAG finding on this topic. Given that, I'd like to close this issue. Interested parties are encouraged to raise issues on his document once he has a draft up. |
@mnot to revise document in time for London F2F.
The text was updated successfully, but these errors were encountered: