Talk:Privacy/Roadmap 2011
Improve Private & Semi-anonymous Browsing
I think per-tab private mode is likely to be confusing. I think the more intuitive way to provide this linkability improvement is by isolating the browser state for a given top-level urlbar domain (ie the double-keying Cookie idea but applied to cache, DOM Storage, client certs, etc).
OTOH, the ability to have a per-window private mode, or perhaps even just a single concurrent private mode consisting of many windows may make sense. For example, I think Chrome's Incognito Mode windows are very intuitive for this reason. I think it also does make sense to have all private browsing windows share the same virtual profile.
On the third hand, the downside of concurrent use is that it makes the "I'll just go to the wifi cafe or tether my cell phone" use case more difficult. That user will end up linking themselves via all the activity in their previous tabs/windows.
Deploy Safe and Rational Defaults
While I think that improving the referer situation is useful in some cases, it really doesn't do anything to stop bad actors. I think giving sites control over when referer info is sent to third parties should be a higher priority than just restricting it client side, so sites can control the leakage of their PII themselves. Right now it simply is not possible for sites to restrict referer for many elements. Providing trickle-down restrictions via CSS or via an attribute of the html or body tag would be ideal.
Perhaps the way to do this for private browsing mode is to create an attribute that says "Yes transmit referer", and have referer disabled or restricted otherwise.
After all, if bad actors really want to pass data to their third parties, they have plenty of options available for this even if referer is restricted/eliminated...
