A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

Sensitive page header

OpenLocationServices
2018-08-18

Browsers like Google Chrome and Mozilla Firefox support 3rd party extensions which can read the page’s content, record requests etc. Some pages like banking websites are extremely sensitive and would like extensions to not have access to them because of the high risk.

A new header should be able to address these concerns. The new header will prevent extensions from reading or interfering with the page’s requests. The user could override it after accepting a warning that explains the risks associated with enabling.

A header “sensitive: true” would be suitable for this.

DanielHerr
2018-08-18

How do you propose to prevent abuse, for example by sites which want to prevent users from blocking their ads?

OpenLocationServices
2018-08-18

Unfortunately it is difficult. For websites with legitimate use cases, it is necessary. It’s just a matter of time with the amount of extensions users have that one malicious one steals passwords and it makes to the headlines.

There has to be a trade-off for sensitive stuff like this. An abusive website preventing users to block ads would be far better scenario than a massive breach of personal financial information. Mozilla’s web browser Firefox already booted 20 extensions for tracking users. Just imagine if they were gathering the bank login details etc.

Garbee
2018-08-19

This is explicitly against web standards. Users have the ultimate control over what is allowed to run, period.

Yes, extensions can be used broadly to collect sensitive information. But so can software installed at the OS level. Security is very difficult, but we shouldn’t go giving sites control to demand resources from users they may not be willing to provide. The web makes the trade-off that yes, users may install things that compromise security. But because of that, they are also able to install things that improve their security, performance, and save them money (bandwidth isn’t free, some people pay seriously for it. Ads add to their cost as end-users.)

The trade-off decision has been made and should continue to be upheld, allow users to do what is best for them. They have control, it is their resources and experience.

OpenLocationServices
2018-08-19

They should be allowed to run, after being warned.

DanielHerr
2018-08-20

My idea for how this could be done would be to show a prompt or notification independently of the page load status informing the user that the site contains sensitive content and giving them the option to exclude it from access by extensions. The user’s decision should not be exposed to prevent requiring it. Extensions could still access the site when the user invokes them.

Garbee
2018-09-13

This is the equivalent of an evil bit. If it triggers a notification to block extensions, well, everyone will turn it on because we’re all sensitive aren’t we? Then users are annoyed by even more permission requests and become trained to ignore the prompts entirely.

We need to work to help provide users with what they need to make an informed decision. Not train them to ignore more things built to help them be secure.