<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Why not allow the website telling a "tracking cookie" that, when it
expires, all related data "linked" to that cookie is also deleted?<br>
Even if it is limited to cached resources, it should be useful
enough.<br>
Personally, I'd like to send the user something of sorts:<br>
<br>
Cache-Cookies: (jSessionid OR PHPSESSIONID)<br>
Cache-Cookie-Expire-Remove: *.php *.jsp */*/ */*-*<br>
<br>
That would mean:<br>
Track 2 cookies. 1 is named jSessionid and the other PHPSESSIONID.<br>
If either expire, remove all cached content on pages whose url
matches any of:<br>
<ul>
<li>.*php -> php file</li>
<li>*.jsp -> jsp files</li>
<li>*/*/ -> All URL that are paths (the ending "/" makes it not
match files)</li>
<li>*/*-* -> All url with paths that contain an "-"</li>
</ul>
<p><br>
Besides the OR above, I think that an AND should also be valid.</p>
<p>If "Cache-Cookies:" is defined, "Cache-Cookie-Expire-Remove:"
defaults to "*" I.e. everything.<br>
</p>
<p><b>Consequence:</b> If the server sends those headers such that
it tracks a cookie that expires on that request (past date on the
expires field), then the effects take effect immediately after the
request.<br>
</p>
<p><br>
This is just a <b>proposal</b>. It has <b>many design problems</b>
but I think it is a nice stepping stone to start an idea.<br>
</p>
<br>
<div class="moz-cite-prefix">On 08-09-2015 05:28, Bram Pitoyo wrote:<br>
</div>
<blockquote
cite="mid:CAAicQ-02CDdqV3Yyut12anRfsDnr9DpM3T5vNAVVpDJOG6cQwQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Hi Eric,<br>
<br>
</div>
One interesting thing about this proposal is that it’s
useful for sites that offer anti-abuse services (often,
they’re domestic abuses). They have no need to track user’s
activities, and therefore would have no interest in Tracking
Protection. They just want to make sure that visitors,
potential victims of abuse, can open the site and feel
secure that their abusers won’t be able to track their
activity.<br>
<br>
</div>
You can find the original suggestion here:<br>
<a moz-do-not-send="true"
href="https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0087.html">https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0087.html</a><br>
<br>
</div>
And the relevant quote below:<br>
<span style="font-family:arial,helvetica,sans-serif"><br>
</span>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px
solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
<pre id="body"><span style="font-family:arial,helvetica,sans-serif">One example is <a moz-do-not-send="true" href="http://www.kidshelpphone.ca/">http://www.kidshelpphone.ca/</a> they provide anonymous phone
line for kids that may have issue or problem in their family. This lead to
a sensitive problem, a kid visiting this site need to know how to clean
browsing history since a adult seeing the browsing history might challenge
the kids about the visit and lead to more stress or bigger problems. They
did explain on the site header how to flush history and train visitor about
the anonymous tab, this isn't perfect at all, because it really entirely on
the user actions and the assumption that he read and understood the
section.
[…]
Of course I'm quite sure, site with adult content would also be like such
features but this is not really the issue I'm trying to resolve at this
point.</span>
</pre>
</blockquote>
<div> </div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Sep 8, 2015 at 3:07 PM, Eric
Rescorla <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:ekr@rtfm.com" target="_blank">ekr@rtfm.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span class="">On Mon, Sep 7,
2015 at 7:17 PM, Javaun Moradi <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jmoradi@mozilla.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:jmoradi@mozilla.com">jmoradi@mozilla.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px
0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">It’s
a really compelling idea that Bram and Francois
thought up. Low-risk, low-effort, and a
potentially big upside.<br>
<br>
Right now, users have to be aware that PBM even
exists and then remember to turn it on in certain
situations. Turning it on automatically removes
that cognitive barrier, grows the number of users
protected by PBM, and educates them on the feature
and on situations where they may want more
privacy. All of those are good things for users,
and since we’re making a big bet that we’ll have
the best PBM of any mainstream browser, growing
the market appetite for private mode would be
really good for Firefox.<br>
</blockquote>
<div><br>
</div>
</span>
<div>I'm not convinced about the connection to private
browsing mode.</div>
<div>It might well be true that sites would be
interested in clearing their</div>
<div>state when the user logs out (though it's worth
noting that in fact</div>
<div>many sites retain state across logins and use it
to present a</div>
<div>partially individualized user experience even
though they would</div>
<div>require you to log in in order to access any
really sensitive data.</div>
<div><br>
</div>
<div>However, PBM is something different and many of
the applications</div>
<div>for PBM actually have you in a position
adversarial to the site. For</div>
<div>instance:</div>
<div><br>
</div>
<div>- Using PBM to bypass limits on the number of
free articles you can</div>
<div>read.</div>
<div>- Hiding your history from sites</div>
<div> (cf. <a moz-do-not-send="true"
href="http://cseweb.ucsd.edu/%7Ehovav/papers/jjls10.html"
target="_blank">http://cseweb.ucsd.edu/~hovav/papers/jjls10.html</a>)</div>
<div>- Tracking protection</div>
<div><br>
</div>
<div>I think it's an open question whether enough
sites would want to</div>
<div>actually exercise this capability to create a
material improvement in</div>
<div>user privacy.</div>
<div><br>
</div>
<div>-Ekr</div>
<div>
<div class="h5">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">There
are some potential UX challenges like those you
mentioned Mike — do users understand why a PB
window just opened? But it’s worth doing some
exploration to see how users feel about it.<br>
<span><font color="#888888"><br>
Javaun Moradi | <a moz-do-not-send="true"
href="mailto:jmoradi@mozilla.com"
target="_blank">jmoradi@mozilla.com</a> |
IRC: javaun | @javaun<br>
</font></span>
<div>
<div><br>
> On Sep 7, 2015, at 7:47 PM, Mike Hommey
<<a moz-do-not-send="true"
href="mailto:mh@glandium.org"
target="_blank">mh@glandium.org</a>>
wrote:<br>
><br>
> On Tue, Sep 08, 2015 at 11:19:39AM
+1200, Bram Pitoyo wrote:<br>
>> Hi Gerv,<br>
>><br>
>> Some of us at the Privacy and
Security team has been thinking of the same<br>
>> thing!<br>
>><br>
>> Instead of a per-site caching rule,
we’d like to have it so that a site can<br>
>> say to any browser: “Please always
open me in Private Browsing”, and the<br>
>> browser would respect that.<br>
>><br>
>> The end result is the same:
confidential information is never recorded
in<br>
>> the cache.<br>
>><br>
>> The user flow and interface can be
seen here (graciously written by<br>
>> Francois):<br>
>> <a moz-do-not-send="true"
href="https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades"
rel="noreferrer" target="_blank">https://wiki.mozilla.org/Security/Automatic_Private_Browsing_Upgrades</a><br>
><br>
> While that seems interesting, I'll
point out that my gut reaction was<br>
> "oh great, a new way for abusers to
open popups".<br>
><br>
> Another gut feeling is that users are
now accustomed to links never<br>
> opening new windows, and that would be
a step back. I, personally, would<br>
> hate this feature because of that.<br>
><br>
> Mike<br>
>
_______________________________________________<br>
> firefox-dev mailing list<br>
> <a moz-do-not-send="true"
href="mailto:firefox-dev@mozilla.org"
target="_blank">firefox-dev@mozilla.org</a><br>
> <a moz-do-not-send="true"
href="https://mail.mozilla.org/listinfo/firefox-dev"
rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/firefox-dev</a><br>
<br>
_______________________________________________<br>
firefox-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:firefox-dev@mozilla.org"
target="_blank">firefox-dev@mozilla.org</a><br>
<a moz-do-not-send="true"
href="https://mail.mozilla.org/listinfo/firefox-dev"
rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/firefox-dev</a><br>
</div>
</div>
</blockquote>
</div>
</div>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
firefox-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:firefox-dev@mozilla.org">firefox-dev@mozilla.org</a>
<a class="moz-txt-link-freetext" href="https://mail.mozilla.org/listinfo/firefox-dev">https://mail.mozilla.org/listinfo/firefox-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>