|Internet-Draft||Web Feed Privacy||June 2022|
|Nottingham||Expires 23 December 2022||[Page]|
- Network Working Group
- Intended Status:
- Best Current Practice
Privacy Considerations for Web Feed Readers
This specification collects privacy-enhancing guidelines for Web feed readers.¶
About This Document
This note is to be removed before publishing as an RFC.¶
Status information for this document may be found at https://datatracker.ietf.org/doc/draft-nottingham-feed-privacy/.¶
information can be found at https://mnot.github.io/I-D/.¶
Source for this draft and an issue tracker can be found at https://github.com/mnot/I-D/labels/feed-privacy.¶
Note to Readers
This draft is a quick straw-man; it is intended to assess implementer and community interest in the topic, not to state concrete requirements (yet). Feedback much appreciated.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 23 December 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Many web sites offer a feed of updates to their content, using [ATOM] or [RSS]. While they are consumed in a variety of ways and for a variety of purposes, web feeds are often presented to users by dedicated software, colloquially known as a "feed reader."¶
Feed readers use HTML and HTTP, and can be considered as part of the web, but one that is distinct from web browsers. Unlike browsers, feed readers do not easily facilitiate cross-site tracking or behavioural advertising, because their capabilities are more limited, thereby establishing an alternative, more privacy-respecting web platform.¶
At the same time, browsers are protecting privacy in increasingly sophisticated ways; for example, by taking steps to prevent active fingerprinting [FINGERPRINTING].¶
This specification seeks to codify these privacy-enhancing distinctions while incorporating browser's privacy advances by offering a definition for "feed reader" in Section 2, providing guidelines for how they make requests in Section 3, and providing guidelines for their handling of content in Section 4.¶
1.1. Notational Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
2. Feed Readers
A feed reader acts as a user agent (per [HTTP]) that consumes and presents information from documents in [ATOM], [RSS], and/or similar formats to users.¶
A feed reader might be local software program on a host that the user controls, or a remote service that they access over the Internet, such as through a web browser. Typically, a feed reader will allow the user to subscribe to URIs that identify feeds, and regularly poll those URIs for new content. When a feed entry has already been seen, a reader might keep this state.¶
Feed readers make HTTP requests and parse, render and display HTML content (including some embedded content). Users can also follow links from content in a feed reader.¶
3. Making Feed Requests
When a feed reader makes a request for a feed document, privacy can be impacted in several ways. This section contains guidelines for such requests; note that they do not apply to requests for embedded content and user-initiated navigation to links in content (see Section 4).¶
In HTTP, encryption protects communication from observation and modification, and is used to establish the identity of the server. Feed readers, therefore, are expected to follow best current practice for encryption, as captured in the relevant RFCs and industry practice.¶
This includes implementation of the most recent version of TLS (as of this writing, [TLS13]), the Strict-Transport-Security mechanism [HSTS], and Certificate Transparency checking [TRANS].¶
Feed readers SHOULD NOT include more significant detail than an identifier for the software being used and its version. In particular, detail about libraries used and other aspects of the environment can contribute to the formation of an identifier for the user.¶
3.5. Client IP Address
Feed readers SHOULD take steps to prevent servers hosting feeds from using the client's IP address to identify them or track their activity. For example, [MASQUE] might be used to this end.¶
4. Handling Feed Content
When a feed reader displays a feed content (including an individual feed entry) to its user, interaction with the feed's server is limited in several ways to reduce privacy impact. This section outlines those limits.¶
4.1. Requesting Remote Resources
Feed readers MAY make requests for remote resources that are explicitly part of the feed or feed entry's metadata. For example, a feed reader might fetch the URL in the atom:logo element (defined in Section 4.2.7 of [ATOM]) in order to present it to the user.¶
Feed readers MAY make requests for remote resources that are embedded in feed content. However, the user MUST be able to control this behaviour.¶
4.2. Executing Scripts
When handling feed content, feed readers MUST NOT execute embedded or linked scripts.¶
Feed readers MUST NOT trigger reporting mechanisms designed for Web browsers when handing feed content. For example, [NEL], [CSP].¶
4.4. Following Links
When a user explicitly follows a link in a feed reader, their expectation will be that it either opens in their preferred Web browser, or that the resulting functionality is equivalent (e.g., a browser embedded in the feed reader). Once a link is followed, the feed reader is no longer handling feed content; the user's activity is now either in a separate Web browser, or in an embedded web browser that is considered a distinct context.¶
Therefore, the context used to follow a link MUST be separate from that used to make requests for feed documents. In particular, separate underlying connections are to be used, and no state such as cookies is to be shared.¶
5. IANA Considerations
This document has no actions for IANA.¶
7.1. Normative References
- Hodges, J., Jackson, C., and A. Barth, "HTTP Strict Transport Security (HSTS)", RFC 6797, DOI 10.17487/RFC6797, , <https://www.rfc-editor.org/rfc/rfc6797>.
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
- Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/rfc/rfc8174>.
- Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, , <https://www.rfc-editor.org/rfc/rfc8446>.
- Laurie, B., Messeri, E., and R. Stradling, "Certificate Transparency Version 2.0", RFC 9162, DOI 10.17487/RFC9162, , <https://www.rfc-editor.org/rfc/rfc9162>.
7.2. Informative References
- Nottingham, M., Ed. and R. Sayre, Ed., "The Atom Syndication Format", RFC 4287, DOI 10.17487/RFC4287, , <https://www.rfc-editor.org/rfc/rfc4287>.
- Chen, L., Englehardt, S., West, M., and J. Wilander, "Cookies: HTTP State Management Mechanism", Work in Progress, Internet-Draft, draft-ietf-httpbis-rfc6265bis-10, , <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-10>.
- West, M., Barth, A., and D. Veditz, "Content Security Policy Level 2", World Wide Web Consortium Recommendation REC-CSP2-20161215, , <https://www.w3.org/TR/2016/REC-CSP2-20161215>.
- Doty, N., "Mitigating Browser Fingerprinting in Web Specifications", World Wide Web Consortium NOTE NOTE-fingerprinting-guidance-20190328, , <https://www.w3.org/TR/2019/NOTE-fingerprinting-guidance-20190328>.
- Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, , <https://www.rfc-editor.org/rfc/rfc9110>.
- Schinazi, D., "Proxying UDP in HTTP", Work in Progress, Internet-Draft, draft-ietf-masque-connect-udp-15, , <https://datatracker.ietf.org/doc/html/draft-ietf-masque-connect-udp-15>.
- Creager, D., Grigorik, I., Tuttle, J., Reitbauer, A., Jain, A., and J. Mann, "Network Error Logging", World Wide Web Consortium WD WD-network-error-logging-1-20180925, , <https://www.w3.org/TR/2018/WD-network-error-logging-1-20180925>.
- RSS Advisory Board, "RSS 2.0 Specification", , <https://www.rssboard.org/rss-specification>.