govuk-design-system icon indicating copy to clipboard operation
govuk-design-system copied to clipboard

Published 20 hours ago verified publisher icon alphagov

Propose a native HTP button to browser specs

Open owenatgov opened this issue 2 years ago • 0 comments

What

Make a proposal to browser vendors/browser specs for them to incorporate a native hide this page button into browser software.

A potential way this could work is:

  • Browsers look for an attribute on a a given page's body eg: hide-this-page="true"
  • If the attribute exists, browsers display a hide this page button in the software, potentially with some messaging
  • Upon activating the button, users are taken off the current website, similar to our current implementation of HTP
  • Browsers can set the button to both bypass popup blocking and clear history from the domain the button was pressed on. These enhancements could potentially be managed by attributes in the body.

Why

This is based on a hypothesis that by letting browser vendors handle this feature, they can ring-fence the functionality and more easily distribute it to users. During the HTP prototyping work, an issue we ran into was that certain enhancements weren't viable because they ran counter to browser rules. Examples of this were:

  • Trying to erase the history of a service. We couldn't erase history completely and could only "erase" one page at a time, which didn't make a significant difference as most services are multi-page and would potentially give vulnerable users a false sense of security.
  • A keyboard shortcut to activate the button. If the user uses the keyboard shortcut without interacting with the page ie: scrolling, clicking, moving focus etc, this triggers browser's popup blocker functionality as they presume this is an attempt to use malicious js to trick the user. This messes with the flow of HTP and at best confuses the user, at worst puts the user in danger.

From research into hide this page so far, it emerged that users already have existing strategies for covering their tracks and keeping anonymous online however it is often entirely down to that user to work out and manage successfully, putting them at further risk. There is an additional nuance that users may not realise they're at risk until prompted by online safety content. A broader hypothesis is that by browsers doing more to incorporate and promote online safety, it will both improve protection of users and make online safety a more prominent.

Considerations

  • This is not a proposal instead of the current HTP work but a long term solution to explore
  • It may be useful to get backing on this before making the proposal from, eg, 1 or more W3C members and/or other government teams and charities
  • This should be approached from the spec side over the browser vendor/software side
  • This should probably be filtered into existing online anonymity and online safety spaces such as incognito mode

Things to do

  • [ ] Work out where this proposal needs to go
  • [ ] Make contact with charities and gov teams who would have an interest in this
  • [ ] Seek interest with w3C members
  • [ ] Make proposal

owenatgov avatar Jun 30 '22 09:06 owenatgov