From d9dca576b32d7e8cbcfc74ec989b01e4e1b70a67 Mon Sep 17 00:00:00 2001 From: Johann Hofmann Date: Mon, 8 Jun 2026 10:29:52 -0400 Subject: [PATCH 1/2] Add a section for private browsing to S&P considerations --- index.bs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/index.bs b/index.bs index 45b4dce..095eb42 100644 --- a/index.bs +++ b/index.bs @@ -1083,6 +1083,13 @@ This creates a personalization-to-fingerprinting pipeline where sites can extrac TODO: Document risks and implications of [=agents=] carrying state from one origin to another. Detail how tools executed on one origin may carry state from another origin, potentially leading to data leakage or same-origin policy bypasses if not handled securely by the [=user agent=]. This section should probably talk about the WebMCP permissions policy and other cross-origin opt in mechanisms.

+

Interaction with Private Browsing Modes

+ +Many user agents provide ephemeral, short-lived, "Private" or "Incognito" browsing modes that are disconnected from a user's primary profile, in that they do not share the same history or web-accessible storage. +Users generally expect this boundary between regular and private browsing to be maintained and protected by the user agent. Exposing [=agents=] to private browsing activity (e.g. by giving them access to WebMCP +tools in private browsing) may inadvertently leak information across this boundary and lead to unauthorized joining or retention of private browsing data. Users agents are responsible for ensuring that their +respective private browsing modes are safely exposed to [=agents=] and that these agents have the ability to responsibly handle private browsing information. +

Mitigations

Restricting maximum input lengths
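Review bot: the closing sentence of the added paragraph ("Users agents are responsible for ensuring that their respective private browsing modes are safely exposed to [=agents=] and that these agents have the ability to responsibly handle private browsing information.") has a typo ("Users agents" should be "User agents") and is too vague to act on as a security and privacy consideration, since it never says what "safely exposed" or "responsibly handle" require. Suggest stating the concrete expectation, e.g. that any state an agent obtains through WebMCP tools invoked in a private browsing context must not be retained past the end of that session or merged into the agent's memory for the user's primary profile, and that the boundary holds in both directions (an agent acting in a private context should not bring primary-profile state into it either). "Unauthorized joining ... of private browsing data" would also be clearer if it named what the data could be joined with (the user's regular-profile data or history). Finally, the preceding TODO about agents carrying state from one origin to another describes the same root cause (agents carrying state across contexts), so a cross-reference between the two would help readers and whoever later fills in that TODO.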

From a8435d9440b37d3dd01dccc02a58f363216d82e0 Mon Sep 17 00:00:00 2001 From: Dominic Farolino Date: Mon, 8 Jun 2026 13:24:34 -0400 Subject: [PATCH 2/2] Small nits --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 095eb42..02bdb03 100644 --- a/index.bs +++ b/index.bs @@ -1085,8 +1085,8 @@ This creates a personalization-to-fingerprinting pipeline where sites can extrac

Interaction with Private Browsing Modes

-Many user agents provide ephemeral, short-lived, "Private" or "Incognito" browsing modes that are disconnected from a user's primary profile, in that they do not share the same history or web-accessible storage. -Users generally expect this boundary between regular and private browsing to be maintained and protected by the user agent. Exposing [=agents=] to private browsing activity (e.g. by giving them access to WebMCP +Many user agents provide ephemeral, short-lived, [private browsing modes](https://w3ctag.github.io/private-browsing-modes/) that are disconnected from a user's primary profile, in that they do not share the same history or web-accessible storage. +Users generally expect this boundary between regular and private browsing to be maintained and protected by the user agent. Exposing [=agents=] to private browsing activity (e.g., by giving them access to WebMCP tools in private browsing) may inadvertently leak information across this boundary and lead to unauthorized joining or retention of private browsing data. Users agents are responsible for ensuring that their respective private browsing modes are safely exposed to [=agents=] and that these agents have the ability to responsibly handle private browsing information.
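Review bot: the "Users agents" typo in the fourth line of the paragraph ("Users agents are responsible for ensuring that their ...") survives this nit pass even though the patch already rewrites the two lines above it; since the paragraph is being touched anyway, change it to "User agents" here. Also, now that the term links to the TAG document (https://w3ctag.github.io/private-browsing-modes/), "ephemeral, short-lived" is redundant and one of the two adjectives can be dropped. The "e.g." to "e.g.," change and the link itself look fine.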