Create explicit security/privacy section #35
Comments
|
Hi, got here from w3ctag/design-reviews#365. When this section is added, it should probably cover the ability to use |
|
Yeah, or at least mention that user agents should ensure that this API returns consistent results if they offer some kind of user profiles (including private profiles) as otherwise they can be distinguished. And to add, not just the API, but also the behavior on disk as otherwise you can still get there using "brute force". |
|
Is there any spec that actually defines features like incognito or private browsing? I was under the impression those were product features not defined by spec language. It seems like a shift in scope and requirements if all specs must now consider impact to undefined features like this. |
|
I think @mnot has done some work on it in the past. I would not object to having some non-normative language around it as a guidance for implementers, in particular as everyone does need to care about it. |
It can mostly refer to the user interface guidelines, which already take this into account. Perhaps also mention some concerns around quotas and general interaction with the OS.
The text was updated successfully, but these errors were encountered: