CSR and UI
recent threads on the public-appformats newslist have concentrated on the issue of cross-site requests (CSR) and privacy vis-a-vis cookies. there's some concern that sharing cookies, while not a new threat to server security, *is* a possible threat to user privacy. it sounds like some are considering not allowing cookies to be passed at all when doing a CSR.
i think this is the wrong approach.
sure, it's possible that some personal data will 'leak' from one server to another. but that is already happening today: cookies get passed with img tags, and advertisers have been taking advantage of this for quite some time. removing this feature from scripted CSR (via the XMLHttpRequest object) is going to greatly reduce the value of CSRs for doing mashups, extended data queries, etc.
instead, we should come up with ways to allow users to control the sharing (or not) of personal data with target sites. the model i propose is taken from two other areas where current browsers already help users protect their privacy: HTTPS and 'ad-blocking plugins.' the idea is to get browsers that support CSR via XMLHttpRequest to have the user establish the level of security they want to employ. here are my 'touchpoints' for the user:
- when the browser installs, prompt the user for the default CSR cookie share rule (share|prompt|don't share)
- second, when a CSR occurs and the share rule is "prompt", pop a dialog that asks the user if they want to 1) share this one time or 2) add the site to a whitelist of sites that are allowed to receive cookies.
- users can also manage their CSR site list via the "Options..." dialogs in the browser.
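to make the three touchpoints concrete, here is a small model of the decision a browser would make before attaching cookies to a cross-site request. this is an added example written for this post, not code from any browser; the class and function names (CookieSharePolicy, decide, credentialsMode) are hypothetical, and the prompt callback stands in for the dialog.

```javascript
// Added example: a model of the proposed cookie-share policy (hypothetical API, not a browser's).
// Rules use the post's terms: 'share' | 'prompt' | 'deny' ('deny' = "don't share").
class CookieSharePolicy {
  constructor(defaultRule = 'prompt') {
    this.defaultRule = defaultRule;   // chosen at install time (touchpoint 1)
    this.siteRules = new Map();       // origin -> 'share' | 'deny', the user's site list (touchpoint 3)
  }

  static originOf(url) { return new URL(url).origin; }

  setSiteRule(origin, rule) { this.siteRules.set(origin, rule); }

  // A request is cross-site when scheme, host or port differ from the page's origin,
  // so https://app.example -> http://app.example counts as cross-site too.
  isCrossSite(pageUrl, targetUrl) {
    return CookieSharePolicy.originOf(pageUrl) !== CookieSharePolicy.originOf(targetUrl);
  }

  // Returns true if cookies should accompany the request.
  // `prompt(origin)` models the dialog (touchpoint 2) and returns 'once', 'always' or anything else (cancel).
  decide(pageUrl, targetUrl, prompt) {
    if (!this.isCrossSite(pageUrl, targetUrl)) return true;   // same-site: today's behaviour, unchanged
    const target = CookieSharePolicy.originOf(targetUrl);
    const rule = this.siteRules.get(target) ?? this.defaultRule;
    if (rule === 'share') return true;
    if (rule === 'deny') return false;
    const answer = prompt(target);                            // rule is 'prompt': ask the user
    if (answer === 'always') { this.setSiteRule(target, 'share'); return true; }  // add to whitelist
    return answer === 'once';                                 // one-time share; cancel sends no cookies
  }
}

// Map the decision onto the credentials mode a fetch()-style request would use.
function credentialsMode(policy, pageUrl, targetUrl, prompt) {
  return policy.decide(pageUrl, targetUrl, prompt) ? 'include' : 'omit';
}

module.exports = { CookieSharePolicy, credentialsMode };
```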
this kind of UI for handling security issues has been around for quite some time. MSIE has the 'security zone' model to control what is allowed for sites that are in a specific collection or 'zone.' all major browsers have dialogs that allow users to whitelist or blacklist sites with regard to cookies. browsers also allow users to ask to be prompted when moving from HTTPS to HTTP. finally, many FF users are familiar with the Ad-Blocker plugin, which allows users to whitelist and blacklist requests that can result in displaying ads.
all these patterns are familiar to users and can be leveraged to provide users with a way to control how CSRs handle their private data.