Security and usability
Datschge
datschge at gmx.de
Mon Aug 18 18:09:45 BST 2003
CC'ing kfm-devel
Interesting discussion so far, but I think we should think more about what
kind of issues endangering privacy there actually are; the technology itself
per se is usually not at fault. When clarifying that we can then conclude
which sane defaults to use, respecting both privacy and usability.
My impression is that the saving or logging of data is fine for most users as
long as it's limited to sites they themselves decide to visit. The (feeling
of) loss of privacy is mostly only involved as soon as an unknown
non-obvious/hidden middle man/third party is able to save or log data which
is not really related to the site a user intended to visit.
The mix of site data the user intended to visit and embedded data which is
delivered by third parties mostly unknown to the user is very common
nowadays. Possible ways are:
* Embedding of "foreign" (ie. not located on the domain the user intended to
visit) html data using frames, iframes and layers, eg. for advertisements.
* Embedding of "foreign" data like pictures, java, flash, eg. for
advertisements, so called web bugs etc.
* Embedding of "foreign" JavaScript, eg. for displaying advertisements as
embedded html, pictures or embedded flash/shockwave coupled with cookie data
saving.
They all have in common that they are mostly used for sharing visitor related
data, which is normally only available to the visited site, with third
parties the visiting user is not aware of.
To preserve the feeling of privacy for the user would imo consequently mean
that only those site data the user explicitly wishes to visit are loaded and
saved. This would lead to the following default settings (note that those
suggested features are afaik not implemented in Konqueror currently):
* Loading requested data of any kind from domains other than the visited one
(aka "foreign" data): Deny
* JavaScript Web Popups Policy: Smart (ie. only popups the user asked for or
located on the same domain as the visited one should be opened)
* Cookies: Only accept cookies from originating server, Accept all cookies by
default (since only explicitly visited sites will be able to create and
access them at all when requested data of any kind from domains other than
the visited one are rejected by default)
I would assume these defaults would cover most privacy issues with the open
internet while still allowing self-contained web sites (ie. sites which
store all the necessary data within their own domain including subdomains,
imo still by far the majority of sites on the net) to work perfectly and
stop bothering the users with configuration options in most if not all
cases.
Thoughts?
Cheers, Datschge =)
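The three defaults proposed in the post (deny "foreign" data, a "smart" popup policy, cookies only from the originating server) can be expressed as one small decision object. The following is an added example written for this page, not Konqueror or KHTML code. It assumes that a resource is "first party" when its host shares the last two DNS labels with the visited page (so www.example.com, static.example.com and example.com count as one site); a real browser would consult a public-suffix list instead, since this shortcut would treat every site under co.uk as one site. The sample page and embedded URLs are constructed.

```python
"""Privacy defaults from the kfm-devel post, modelled as policy checks (added example)."""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlparse


def site_of(url: str) -> str:
    """Return the 'site' a URL belongs to.

    Assumption (not from the post): the site is the last two DNS labels of the
    host, so 'www.example.com' and 'static.example.com' both map to
    'example.com'.  IP-address hosts are their own site.  A real browser would
    use a public-suffix list here.
    """
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError(f"no host in {url!r}")
    try:
        ipaddress.ip_address(host)      # literal IPv4/IPv6 address
        return host
    except ValueError:
        pass
    labels = host.split(".")
    return ".".join(labels[-2:])


def is_first_party(visited_url: str, resource_url: str) -> bool:
    """True when the resource lives on the site the user chose to visit."""
    return site_of(visited_url) == site_of(resource_url)


@dataclass
class PrivacyDefaults:
    """The three defaults suggested in the post, as a decision object."""
    visited_url: str
    allow_foreign_data: bool = False            # 'Loading foreign data: Deny'
    popup_policy: str = "smart"                 # 'JavaScript Web Popups Policy: Smart'
    cookies_only_from_originating: bool = True  # 'Only accept cookies from originating server'

    def may_load(self, resource_url: str) -> bool:
        """Embedded html/images/scripts/plugins: only from the visited site."""
        return self.allow_foreign_data or is_first_party(self.visited_url, resource_url)

    def may_open_popup(self, target_url: str, user_initiated: bool) -> bool:
        """'Smart': popups the user asked for, or that stay on the visited site."""
        if self.popup_policy == "allow":
            return True
        if self.popup_policy == "deny":
            return False
        return user_initiated or is_first_party(self.visited_url, target_url)

    def may_set_cookie(self, setter_url: str) -> bool:
        """Cookie carried by a response from setter_url.

        With foreign data denied, a third-party response never arrives, so
        third-party cookies cannot be set; the originating-server rule is the
        second line of defence if foreign loading is later switched on.
        """
        if not self.may_load(setter_url):
            return False
        if self.cookies_only_from_originating:
            return is_first_party(self.visited_url, setter_url)
        return True


def classify_page_loads(visited_url: str, resource_urls) -> dict:
    """Return {url: 'load' | 'blocked'} for every embedded resource of a page."""
    policy = PrivacyDefaults(visited_url)
    return {u: ("load" if policy.may_load(u) else "blocked") for u in resource_urls}


if __name__ == "__main__":
    # Constructed sample page: a first-party stylesheet, a sub-domain image, an
    # advertising iframe, a tracking pixel and a script on a look-alike domain.
    page = "http://www.example.com/news/"
    embeds = [
        "http://www.example.com/style.css",
        "http://static.example.com/logo.png",
        "http://ads.adnetwork.example/banner.html",
        "http://tracker.example.net/pixel.gif?id=123",
        "http://notexample.com/x.js",
    ]
    for url, verdict in classify_page_loads(page, embeds).items():
        print(f"{verdict:8} {url}")
```

Note the look-alike host: a naive `host.endswith(site)` check would let notexample.com pass as part of example.com, which is why the comparison is on whole labels rather than string suffixes.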