While Ajax and other dynamic network request methods have become an obviously critical part of the web, they are a real privacy concern. People may not even be aware that a web app can take a snapshot of the data they have typed before even clicking any button to submit a form, they may not be aware that their mouse tracking can be sent to a server, etc.
Of course there is NoScript, but I think sites ought to be able to submit themselves to restrictions which can lead to the browser assuring the user that the site in question will not abuse their privacy, and only submit data back to the server if approved (with developers at least, being able to inspect the request or response payload) and/or receive back data if approved. I've requested this on the WhatWG list at: http://comments.gmane.org/gmane.org.w3c.whatwg.discuss/41774 Feedback welcome! _______________________________________________ dev-privacy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-privacy
