67071 – Feature Request: Private Browsing initiated by server header.

Bug 67071 - Feature Request: Private Browsing initiated by server header.

Summary: Feature Request: Private Browsing initiated by server header.

Status:	UNCONFIRMED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Enhancement
Assignee:	Nobody

URL:	http://groups.google.com/group/mozill...
Keywords:

Depends on:
Blocks:

Reported:	2011-08-26 16:51 PDT by Philip Clarke
Modified:	2011-08-26 23:01 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philip Clarke 2011-08-26 16:51:11 PDT

I am contacting all the browser manufacturers to try and implement a standard to protect people's whose privacy must remain intact like people visiting crime reporting websites, child abuse and spousal abuse reporting etc.... the original post is here

http://groups.google.com/group/mozilla.dev.apps.firefox/browse_thread/thread/22ed0734bae0bedf#

The server sends out a header 

X-privacy: Private

and the browser responds immediately by opening a private browsing session, at the moment it is far too convoluted to explain to every use on every browser how to open a private session and to clear cookies and caches. so we need something that will prompt the browser for the surfers own personal safety.

Thank you for your time.

Comment 1 Alexey Proskuryakov 2011-08-26 22:22:59 PDT

Interesting.

What prevents the site from not using cookies or setting a short cache timeout, in the first place? What are the parts that only a browser can do?

Comment 2 Philip Clarke 2011-08-26 23:01:19 PDT

A short cache timeout or not setting cookies is reliant on the web master and is also covered by the submission to the w3c by microsoft

http://www.w3.org/Submission/web-tracking-protection/

which deals with the user being able to request that a website not track them through cookies and the browser sending a header.

This is the opposite way around. The server sends the header, and the browser makes a note to purges it's history of the value set in the Host header from the cache and all cookies received from that location when the window is closed, which is the behaviour of a "Private Browsing" session in Firefox or "Incognito" session in Chrome (webkit based I believe). Except this goes further.

Let's suppose one visits the local police station, one may be doing so because one wants to get information, or one wants to report a crime. For the police website either
the header "X-privacy: Private" should be set on the crime reporting page and then the browser retrospectively clears the cache and cookies for that domain (and there is probably a good case for disabling bookmarking).
Or the entire website runs a header "X-privacy: Optional" which pops up an alert box asking the user if they want a private browser session.

This is more to do with what the user cannot do easily themselves across a range of browsers rather than asking the website to not track them (set cookies) or "hoping" that the browser is going to respect Cache-Control headers and expire the pages. Except most people reporting abuse or crime are going to be more concerned with other matters than their browser history settings.

Thank you.