Sunday, April 17, 2016

[tkihzbvq] Managing incognito cookies

A more paranoid version of the incognito mode found in browsers:

Cookies are not shared between tabs or windows.

"Open link in new tab" does not transfer cookies to the new tab.  This might be a little confusing for users at first, since a new tab may seem to log them out of a site, but they will easily be able to learn and understand this simple model.

Also avoid setting HTTP Referer when opening a link in a new tab.

Websites that open new windows or tabs might break, but those are not really nice websites anyways.

Alternatively, have some UI way of depicting that one tab is a child of another tab, and so shares the same cookie jar.  Maybe each window has its own cookie jar.

Clicking on a link that exits the current website also creates an empty cookie jar for the new website, preventing cross site cookies.  Pressing "back" restores the old cookie jar.  Pressing "forward" restores the new cookie jar.

Also consider not setting HTTP Referer when following a link that exits the website.  So HTTP Referer would only be set for internal links and embedded content (e.g., images).
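A small model of the jar and Referer rules described above, as an added example (not code from any browser). The `Tab` class and its method names are hypothetical, and "website" is assumed to mean the exact URL hostname.

```javascript
// Added model of the per-tab cookie jar idea; all names here are hypothetical.
// Assumption: "website" means the exact URL hostname (a real browser would
// more likely compare registrable domains using the Public Suffix List).
const siteOf = (url) => new URL(url).hostname;

class Tab {
  constructor() {
    this.history = []; // entries: { url, jar }; jar maps cookie name -> value
    this.index = -1;
  }
  get current() { return this.history[this.index]; }

  // Follow a link in this tab. Returns the request headers that would be sent.
  navigate(url) {
    const prev = this.current;
    const internal = prev !== undefined && siteOf(prev.url) === siteOf(url);
    // Internal link: keep the same jar object. Exiting the site: empty jar.
    const jar = internal ? prev.jar : new Map();
    this.history = this.history.slice(0, this.index + 1); // drop forward entries
    this.history.push({ url, jar });
    this.index += 1;
    return this.headersFor(internal ? prev.url : null);
  }

  // "Open link in new tab": no cookies and no Referer are carried over.
  static openInNewTab(url) {
    const tab = new Tab();
    return { tab, headers: tab.navigate(url) };
  }

  // Back/forward move between history entries, each bound to its own jar.
  back() { if (this.index > 0) this.index -= 1; return this.current; }
  forward() {
    if (this.index < this.history.length - 1) this.index += 1;
    return this.current;
  }

  setCookie(name, value) { this.current.jar.set(name, value); }

  headersFor(referer) {
    const headers = {};
    const cookie = [...this.current.jar].map(([k, v]) => `${k}=${v}`).join("; ");
    if (cookie) headers.Cookie = cookie;
    if (referer) headers.Referer = referer; // only set for internal links
    return headers;
  }
}
```

Because each history entry holds a reference to its jar, "back" and "forward" restore the right cookies without any copying.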

Perhaps the UI always opens a new window when exiting a website to make it more clear that it is a new cookie jar.  User configurable.

Provide a UI for the user to manually transfer cookies over to another tab.

Also consider things other than cookies that act like cookies, e.g., beacon images.
