
Update Protection to clarify user control and access protection #9


Open: wants to merge 10 commits into base: main
36 changes: 19 additions & 17 deletions index.bs
@@ -78,23 +78,25 @@ and embodied in the various standards that user agents implement.
## Protection ## {#protection}

[[design-principles#safe-to-browse|It should be safe to visit a web page.]]
That is, simply visiting a page must not allow
the page to make permanent changes to the user's computer or environment
(for example by installing malware),
and simply visiting should reveal
as little information as practical about the user to the page,
to the user's environment,
and to any other interested actor.

Users can opt into sharing more information with a page they visit,
for example by entering or auto-filling data into form fields,
or granting permissions to the page.
Users can also allow the page to make changes to their environment,
for example by installing native programs that the page offers.
Even in these cases,
user agents should strive to prevent pages from tricking their users
and should help their users notice
when they might be giving the page more power than they intended.
Specifically, visiting a page must not allow it to make changes to the user's computer or environment,
such as installing software, accessing hardware,
or exposing sensitive information without clear user intent.
Additionally, user agents must prevent web pages from tracking individuals unless they have explicitly enabled it.

New pgf here for the new concept? Privacy and host security are pretty distinct ideas. I'd almost reorder the entire section on that basis (deal with host security stuff with pgf 1 part 1 and pgf 3; then deal with privacy with pgf 1 part 2 and pgf 2...

Any data shared should be as little information as practical,
only what is needed to achieve the individual's goals,
and consistent with their preferences and safety,
in alignment with [data minimization](https://www.w3.org/TR/design-principles/#data-minimization) principles.

Users can [choose to share more information](https://www.w3.org/TR/privacy-principles/#dfn-opt-in),
whether by entering data, allowing auto-fill,
or granting permissions.
User agents should prevent pages from tricking their users
and help them notice when they may give the page more control than intended.

Access to the user's local environment, such as local files,
should be strictly limited and only allowed when the user clearly intends to provide access.
This should occur through direct user actions,
with clear warnings to prevent accidental exposure of data.


## Honesty ## {#honesty}
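Review bot: in the first added paragraph the qualifier "without clear user intent" only reads as attaching to "exposing sensitive information", so "visiting a page must not allow it to make changes to the user's computer or environment, such as installing software, accessing hardware" forbids hardware access outright, which the later "granting permissions" sentence then contradicts; attach the qualifier to the whole list (e.g. "must not, absent clear user intent, allow it to make changes ..."), and consider keeping the removed "permanent changes" wording, since that is what separated installing malware from ordinary transient use of the machine. In "must prevent web pages from tracking individuals unless they have explicitly enabled it", "they" can be read as the pages; "unless the user has explicitly enabled it" is unambiguous. The removed text also covered revealing information "to the user's environment, and to any other interested actor", while the new data-minimization paragraph only addresses data shared with the page; that wider scope is worth restoring. Style: the document links other specs with Bikeshed biblio syntax (`[[design-principles#safe-to-browse|...]]`), but the new lines use raw markdown links to w3.org URLs; use the `[[...]]` form for consistency. The earlier reviewer comment about separating host security from privacy also applies here: the local-files paragraph is host security and the data-minimization paragraph is privacy, and grouping each with its matching part of the first paragraph would make the section easier to follow.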