Security/Anonymous Browsing: Difference between revisions
| Line 22: | Line 22: | ||
=Use Cases= | =Use Cases= | ||
... | |||
Users of anonymous browsing mode would be concerned about tracking from Internet sites under various circumstances, and may or may not be concerned about local records on their computer's disk. They may have a number of browsing behaviours. It is best to represent these behaviours as "stories", to better understand the needs of different types of users, and to properly design feature and option choices to accommodate them. | |||
== The Medical Patient == | |||
== The Pseudonymous Blogger == | |||
== The Abuse Victim == | |||
== The Paranoid == | |||
== The Whistleblower == | |||
== The Anonymous Commenter == | |||
Most likely, they spend the majority of their Internet usage logged into a number of services online that record various things about them, and may log them into arbitrary services automatically due to federated login systems such as OpenID, and have been exposed to a number of ad networks intent on tracking them. | |||
The user has some activity that they do not want trivially tracked | |||
=User Agent Considerations= | =User Agent Considerations= | ||
Revision as of 07:33, 25 June 2010
This page will serve as a design requirements and discussion for an Anonymous Browsing Mode. Whether or not it is implemented, the requirements and goals for such a mode will be documented here.
Anonymous Browsing Mode
Unlike Private Browsing, which mainly attempts to protect a user from a local attacker, Anonymous Browsing will serve to minimize the amount of identifying data that is available to a remote (web or network) attacker (for example, consider the EFF panopticlick project). The main motivations behind such a mode are to prevent user tracking and fingerprinting, but there are many use cases.
Scope of this Document
This working document will serve as an explanation of why users will want Anonymous Browsing, how such a mode would behave and what will need to be different in this mode from regular browsing sessions for such a mode to be useful.
Metadata
| Driver: | Sid Stamm |
| Status: | Brainstorming |
| Started: | 24-June-2010 |
Relevant Links:
- ...
Use Cases
Users of anonymous browsing mode would be concerned about tracking from Internet sites under various circumstances, and may or may not be concerned about local records on their computer's disk. They may have a number of browsing behaviours. It is best to represent these behaviours as "stories", to better understand the needs of different types of users, and to properly design feature and option choices to accommodate them.
The Medical Patient
The Pseudonymous Blogger
The Abuse Victim
The Paranoid
The Whistleblower
The Anonymous Commenter
Most likely, they spend the majority of their Internet usage logged into a number of services online that record various things about them, and may log them into arbitrary services automatically due to federated login systems such as OpenID, and have been exposed to a number of ad networks intent on tracking them.
The user has some activity that they do not want trivially tracked
User Agent Considerations
Caches and History
Fonts and Font Lists
Locale issues, standard font lists, etc.
Advertised Capabilities
User-Agent string, Accept headers, etc.
Plug-Ins
Extensions/Add-Ons
Security
SSL certs, etc.
Impact
How much will this impact web experience for the users? Sure we can break things in the name of anonymity if users opt for such a mode, but how much is tolerable?