Here is my Bug 660340. I created it after looking at the recent facebook 'enhancements' that makes privacy even more precious (article in French).

We need to quickly find a way to preserve our privacy on the Internet.

Hi,

With the recent threats of the various big internet companies on our privacy, it would be a great enhancement if epiphany allowed to have separate navigation contexts (cookies, HTML5 storage, cache) at will, and easily.

Some companies, especially facebook, and I suppose Google could do that as well, can use all kind of methods to track a user usiquely. using cache, HTML5 storage or cookies. I wonder if they can use the cache as well, but I heard it could be prevented. Firefox does.

One solution to counter these privacy threats is to have a different browser, or different browser profile, for each of the web sites we load. This is however very inconvenient, and it should made easily possible.

First let define the concept of session. A session is almost like a separate instance of the browser. It share bookmark and preferences with other session, but have separate cache, separate set of cookies and separate HTML5 DOM storage.

I imagine the following behaviour, based on the document.domain of the toplevel document:

• If a page is loaded without referrer, and the domain is not associated with an existing session, start a new session for that domain

• If a page is loaded without referrer, and the domain is a domain that is already associated with an existing session, then prompt non intrusively:

  "You already opened a session on example.com."
  Choices: [  Start a new session    ▼ ] [Use this session]
           [[ New anonymous session   ]]
           [  Replace existing session ]
  

  If the session is started anonymously, it would not be considered for reuse

• If a page is loaded using a link from an existing window/tab, and the domain is the same, then share the session

• If a page is loaded using a link from an existing window/tab, and the domain is NOT the same and, then a non intrusive message is displayed:

  "You are now visiting example2.com. Do you want to continue your session
  from example1.com?"
  Choices: [  Start a new session    ▼ ] [Share previous session]
  

  The "Start a new session" dropdown menu changes if the example2.com is already associated with a session or not. If example2.com is associated with a session:

   [[ New anonymous session            ]]
   [  Replace example2.com session      ]
   [  Use existing example2.com session ]
  

  If example2.com is not associated with a session:

   [[ New anonymous session    ]]
   [  New example2.com session  ]
  

The choices in [[xxx]] (as opposed to [xxx]) is the most privacy enhancing one, and would be the default if the user choose in the preferences

[x] allow me not to be tracked

The messages are non intrusive, they can be displayed as a banner on top of the page. The page is first loaded with the default choice, and if the user decides to use the other choice, the page will be reloaded accordingly (or the session will be reassigned).

This setting can traditionally be used to set the do not track header

Every settings should have a setting "do not prompt me again" that could be reset at some point.

About embedded content: Because toplevel pages do not share the same session (toplevel page opened at example.com have a different session than toplevel page opened at blowmyprivacy.org), if a page from example.com have embedded content from blowmyprivacy.org, the embedded content would not be able to track the user, except within the example.com website.

It is possible to imagine global settings that would hide some complexity:

[ ] When I load a page, always associate it with its existing session.
[ ] When I switch website, always reuse the existing session of the new
    website.

This user interface might seem complex at first, but it is far less complex than letting the user deal with different browser profiles by hand. Unfortunately, I don't think we can abstract privacy that easily. Keep in mind that all of these settings would be enabled only if the user choose to enable privacy settings.

I am ready to contribute to the implementation of this highly important feature (important for our future and our privacy). Do you think an extension might be able to do all of that, or do you think the browser code should be modified?

Further possible enhancements:

• Add another choice for anonymous sessions using Tor (or I2P)

• Add the possibility to have multiple session registered with the same domain. This would enable the user to have different profiles for the same website.

What is this all about: web privacy. We are tracked everywhere, and i'd like to help if possible. So, let's design a web browser that for once respects your privacy.

Main features:

• Each website has its own cookie jar, its own cache and its own HTML5 local storage
• History related css attributes are disabled
• External plugins are only enabled on demand
• Support for Tor/I2P is enabled by default
• You have complete control over who receives what information
• Let's you control in the settings if you want to allow referrers or not.
• The contextual menu let's you open links anonymously (no referrer, anonymous session)

The browser is bundled with a particular UI that let you control everything during your browsing session. it is non intrusive and makes the best choice by default. I am thinking of a notification bar that shows at the bottom. I noticed that this place is not intrusive when I realized that the search bar in Firefox was most of the time open, even if most of the time I didn't use it.

First, let's define a session:

• A session can be used my more than one domain at the same time.
• A session is associated to a specific cache storage
• A session is associated to a specific HTML5 storage
• A session is associated to a specific cookie jar
• A session acn be closed. When it is closed, session cookies are deleted from the session
• A session can be reopened. All long lasting cookies, cache, HTML5 storage and such is then used again.
• A session can be anonymous. In such a case, the session is deleted completely when it is closed.
• A session is associated to none, one or more domains. These domains are the domains the end user can see in the address bar, not the sub items in the page.

Sessions are like Firefox profiles. If you iopen a new session, it's like you opened a new Firefox profile you just created. Because people will never create a different Firefox profile for each site.

If we want to protect privacy, when a link is opened, a new session should be created each time. To make it usable to browse web sites, it is made possible to share sessions in specific cases. Let's define the cases where it might be intelligent to share a profile:

• You click a link or submit a form and expect to still be logged-in in the site you are viewing. You don't care if you follow a link to an external page.

  User Interface: If the link matches one of the domains of the session, then keep the session. No UI. If the user wanted a new session, the "Open anonymously" entry in the context menu exists. A button on the toolbar might be available to enter a state where we always want to open links anonymously.

  If the link points to another domain, then open the link in a new session unless "Open in the same session" was specified in the context menu. The UI contains:

  We Protected your privacy by separating <domain of the new site> from
  the site you were visiting previously (<domain of the previous site>).
  
  Choices: [ (1) Create a new anonymous session          | ▼ ]
           | (2) Continue session from <previous domain> |
           | (3) Use a previous session for <new domain> |
           | (4) Use session from bookmark "<name>"      |
  

  The first choice is considered the default and the page is loaded with it. If the user chooses a new option, then the page is reloaded.

  If the user chooses (2), the page is reloaded with the previous session and the user will be asked if "Do you want and to have access to the same private information about you?". Answers are Yes, No and Always. If the answer is Always, then in the configuration, the two domains are considered one and the same.

  The choice (3) will use the most recent session for the new domain. It might be a session currently in use or a session in the history.

  There are as many (4) options as there are bookmarks for the new domain. If different bookmarks share a single session, only one bookmark is shown. This choice will load the session from the bookmark.

  If (3) and (4) are the same sessions, and there is only one bookmark (4), then the (4) option is left out.

• You use a bookmark and expect to continue the session you had for this bookmark (webmails)

  The session is simpely stored in the bookmark. When saving a bookmark, there is an option to store the session with it or not.

  [X] Do not save any personal information with this bookmark
  

• You open a new URL and you might want reuse a session that was opened for this URL.

  The User Interface allows you to restore the session:

  We protected your privacy by not sending any personal information to
  <domain>. If you want <domain> to receive private information, please
  select:
  
  Choices: [ Do not send private information     | ▼ ]
           | Use a previous session for <domain> |
           | Use session from bookmark "<name>"  |
  

If you can see other use cases, please comment on that.

From these use cases, I can infer three kind of sessions:

• Live sessions, currently in use
• Saved sessions, associated to a bookmark
• Closed sessions in the past, accessible using history. Collected after a too long time.

Now, how to implement that? I was thinking of QtWebKit as I already worked with Qt and it's easy to work with.

• We have a main widget: QWebView. We want to change the session when a new page is loaded. So we hook up with the signal loadStarted.
• We prevent history related CSS rules by implementing QWebHistoryInterface, more specifically, we store the history necessary to implement QWebHistoryInterface in the session.
• We change the cache by implementing QAbstractNetworkCache and setting it using view->page()->networkAccessManager()->setCache(...)
• We change the cookie jar by implementing QNetworkCookieJar and setting it using view->page()->networkAccessManager()->setCookieJar(...)
• Change the local storage path using a directory dedicated for the session and using view->page()->settings()->setLocalStoragePath(QString)

After all that, we'll have to inspect the resulting browser to determine if there are still areas where we fail at protecting privacy.

I just moved the site to webgen. For the occasion, forked the project on github and improved a lot of things. As webgen doesn't seem to be alive, I think I'll be the one maintaining it in the future.

I took the occasion to move my website over to my own web server, hosted at home. If I ever find it unsuitable, I can very easily host my website elsewhere as it is just a bunch of static pages.

More to come ...

Continue Reading ...

Quel va être mon vote pour 2012 ? Je ne sais pas encore. Je vous propose de vous guider à travers ma réflexion sur ce sujet. Si vous voulez ajouter un commentaire, n'hésitez pas (il vous faut un navigateur récent).

Les choix sont les suivants:

• Nathalie Arthaud
• François Bayrou
• Nicolas Dupont Aignan
• François Hollande
• Eva Joly
• Marine Le Pen
• Jean-Luc Mélanchon
• Philippe Poutou
• Nicolas Sarkozy
• Jacques Cheminade
• Vote blanc
• Vote nul
• Abstention

La suite ...

Continue Reading ...

Mon vote fut nul.

Voici comment s'est déroulé le choix. Je n'ai finalement pas eu envie de voter pour Nathalie Arthaud ou Philippe Poutou, qui sont les représentats des partis de gauche qu'on connaît déjà. Au dernier moment, j'ai aussi réintégré Eva Joly dans mon choix, malgré que je regrette ce geste. En effet, elle est vraiment pro-europe et anti Le Pen pour des raisons qu'elle n'explique pas. Elle a aussi appelé à voter pour François Hollande au second tour.

Au cours du week-end j'ai eu des doutes quant à voter pour un candidat en particulier, et je me suis demandée si il fallait que je participe à cette mascarade. J'ai donc ajouté la possibilité d'avoir un vote blanc à mon choix.

J'avis donc 4 choix:

• Jaques Cheminade: le candidat du cœur
• Marine Le Pen: le vote utile
• Eva Joly: sympathique (mais contraire à mes idées)
• Vote blanc (représenté par un bulletin de Jean-Luc Mélanchon)

Le tirage au sort à désigné le vote blanc, mais comme j'ai eu du mal à mettre une enveloppe vide dans l'urne, j'ai créé un vote nul avec dans l'ordre un bulletin de Jaques Cheminade et ensuite de Marine Le Pen. Le tout avec un bout de carton pour avoir une enveloppe vraiment rebondie.

Résultat des courses:

• Blancs ou Nuls: 1.52% (700 119 voix)
• Jacques Cheminade: 0.25% (89 572 voix)
• Marine Le Pen: 17.90% (6 421 773 voix)

Source: ministère de l'intérieur

un grand bravo pour Marine le Pen, qui malgré mes désaccords avec elle sur un certain nombre de points est vraiment la leader de la nouvelle opposition au pouvoir en place UMPS, et un merci pour Jacques Cheminade qui représente mes idées parfaitement, et qui à réussi à rester jusqu'à ce moment dans une élections ou les résultats sont joués d'avance.

Note: certains on pu penser que Jacques Cheminade est favorable au nucléaire: c'est vrai, mais pas le nucléaire qu'on connaît. Il parlait bien entandu des réactions nucléaires basse énergies, ou fusion froide (LENR) qui n'utilisent ni ne rejettent aucune particule radioactive. On parle de réaction nucléaire juste parce qu'ils transmutent des atomes d'un élément en un autre.