Most of the time I’m on the web, I just want to read something. I think it would be nice to have a modified mode that strips out the parts of HTTP and HTML that lend themselves to abuse.
Some people handle this problem by manually disabling things in the browser’s settings, but that is cumbersome, and some “features” cannot be disabled. The most popular approach is to use 3rd-party privacy add-ons in the browser, but God only knows what some of those things get up to.
This protocol modification (lets make it sfwb://, for safe web) would serve as a browser-enforced contract that makes the HTTP request and the HTML document far less capable of abusing your privacy or your computer.
On an sfwb:// request (basically still HTTP), the browser will enforce the following:
- no cookie information is sent, all received cookie information is discarded
- to neuter web beacons, no linked assets (images, audio, iframes, etc.)
- all media assets (images, audio, etc.) to be embedded into document as base-64 data URIs (to supplement rule #3)
- perhaps this is paranoia, but disable caching to prevent security leaks in non-SFWB pages from inspecting the cache or history of SFWB documents
Of course the commercial content portals of the web will have nothing to do with this, but that is fine. This idea is for people who just want to publish something to share with their security and privacy conscious peers. It would also be handy for safely rendering rich e-mails inside the browser without having to resort to document scrubbing.