User Data Controls in Web Browsers guidelines

[anssiko]

@travisleithead of TAG reports:

At our most recent TAG f2f we discussed an alternate approach to our previously planned "privacy mode" spec. Given some pushback from implementers against standardizing the specifics of what constitutes privacy mode in browsers directly, @mnot has proposed a document that may be an incremental step toward that eventual goal. The document, aimed at spec authors, should provide a framework from which to consider the various user data controls that are made available in browsers. It is our hope that such a document could be a good reference for any spec concerned with how their feature is impacted by user privacy concerns. As the Second Screen group gave the TAG specific feedback about wanting to reference a privacy mode spec, we hope you'll take a look at this document and provide us feedback on whether it would be useful to you as a reference:

User Data Controls in Web Browsers

Actions to the group:

• Review the User Data Controls in Web Browsers, provide feedback as comments in this issue
• Implement the guidelines in the Presentation API where applicable

Actions to @tidoust @anssiko:

• Summarize and submit the group's feedback to TAG

(For the context, the private mode was first discussed in the context of #45.)

[tidoust]

I reviewed the User Data Controls in Web Browsers document. I have three comments on the document itself:

1. It does not mention permissions exposed to the Permissions API in parts of the Web platform affected by Site Data Controls, which could persist from one browsing session to another. If it's on purpose, I don't understand why.
2. I failed to understand why AppCaches were listed in Site Data Controls and not in Local Data Controls together with HTTP caches initially, until I remembered that AppCache also comes with an Application cache API that exposes the cache status to the app. It might be worth clarifying that in the document. And if there's another reason, I missed it...
3. I'm not entirely clear whether we can reference the common user data controls identified in Appendix A, namely "Clearing Site Data" and "Privacy Mode", e.g. to say "Create a new top-level browsing context C set to display content on D in privacy mode" in an algorithm.

The classification into "Site Data Controls", "Local Data Controls" and "Network Data Controls" seems useful, otherwise. For instance, in the Presentation API, most of the discussions we had to describe the private mode for the receiving browsing context were on "Site Data Controls" (although "Local Data Controls" could also be relevant).

The recommendation that I think we need to discuss at the F2F is:

Specifications SHOULD NOT detail interaction with specific user data controls, because their nature tends to change over time.
Specifications MAY illustrate the effects of user data controls and suggest (but not require) interactions with them.

This seems to suggest that specific steps in the Presentation API algorithm to create a receiving browsing context that reference cookies, local storage, etc., should rather be turned into informative guidance.

(I also note that this algorithm does not reference some of the technologies listed in the "Site Data Controls" category such as AppCaches, and ServiceWorkers).

[tidoust]

Discussed at the F2F:
http://www.w3.org/2016/05/24-webscreens-minutes.html#item14

PROPOSED RESOLUTION: complete the clear site data steps in the spec (add AppCache, Service Workers) and add non-normative note referencing TAG document for more complete list, add note clarifying this is not about defining private mode
ACTION: tidoust to inform TAG when the PR re clear site data lands and submits his feedback to TAG

[mnot]

Thanks for the feedback!

It does not mention permissions exposed to the Permissions API in parts of the Web platform affected by Site Data Controls, which could persist from one browsing session to another. If it's on purpose, I don't understand why.

It's not meant to be a complete listing, but that's a good point; added.

I failed to understand why AppCaches were listed in Site Data Controls and not in Local Data Controls together with HTTP caches initially, until I remembered that AppCache also comes with an Application cache API that exposes the cache status to the app. It might be worth clarifying that in the document. And if there's another reason, I missed it...

Fixed.

I'm not entirely clear whether we can reference the common user data controls identified in Appendix A, namely "Clearing Site Data" and "Privacy Mode", e.g. to say "Create a new top-level browsing context C set to display content on D in privacy mode" in an algorithm.

It isn't the intent of this spec to define privacy mode for that purpose.

[anssiko]

I believe we have a good proposal in PR #308 (please review) that we can land soonish and mark this issue closed.

[mfoltzgoogle]

@anssiko It sounds like you want to close this now; do we want to file a separate issue to handle Service Workers?

[anssiko]

Addressed by #308 except for service worker's persistent storages for which I created its own issue #318.

Closing this issue now.