m (→Mitigations: capitalize link) |
(→Security / Privacy Considerations: add two more privacy considerations (without mitigations)) |
Line 59: | Line 59: | ||
* If a user is using private browsing to separate Facebook from the rest, a site could defeat that protection by getting itself "upgraded" into private browsing without the user's consent and then share data with Facebook via the Like button. | * If a user is using private browsing to separate Facebook from the rest, a site could defeat that protection by getting itself "upgraded" into private browsing without the user's consent and then share data with Facebook via the Like button. | ||
* A site could use this mechanism to probe whether or not the user is in Private Browsing mode though it would cause some pretty major UX disruptions. | * A site could use this mechanism to probe whether or not the user is in Private Browsing mode though it would cause some pretty major UX disruptions. | ||
* This could be a way for sites to bypass the popup blocker. | |||
* There would be other traces in a user's browser: | |||
* They used a search engine to find the anti-abuse site and the search result page is still in the cache. | |||
* They were logged into their Google account when visited the site and it ended up in their account's Web History. | |||
=== Mitigations === | === Mitigations === |
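Review bot: The two items added under "There would be other traces in a user's browser:" use a single "*", so they sit at the same list level as their parent rather than beneath it; mark them with "**" so the search-cache and Web History examples read as sub-items. The second of those says "when visited the site", which is missing "they". The popup-blocker item does not say how the mechanism would get past the blocker, so a short clause naming the path (for example, that the upgrade opens a new private window without a user gesture, if that is what is meant) would let a reader judge it. The edit summary states these are added without mitigations, so a placeholder entry for each under Mitigations would keep them from being lost.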