hadleybeeman
commented
6 years ago Hello! The TAG discussed this today.
Good work here; your analysis seems sensible. I'm not aware of a better fallback mode than keeping the feature consistent. I also like the idea of letting a UA override that if they choose (presumably with the user); that lets a particularly privacy-conscious browser offer the user different choices ("You are in Germany; do you want your keyboard to return DE-QWERTZ in incognito mode?")
Also it's worth noting that "not revealing info about the user" isn't the only purpose for privacy modes. It's useful that you makes it clear that's the one you have in mind.
garykac
The purpose of incognito mode is to not reveal information about the user.
This API design has aspects that help hide individual users and other aspects that can be revealing.
For example, by always returning the highest-priority ASCII capable layout, it does not reveal information about the current layout or about the set of installed layouts, both of which would reveal more information about the user if we provided that information.
On the other hand, users who's current layout does not match the norm for the locale where they are located may stand out. For example, a UK use traveling in the US. Or someone who used the Dvorak layout.
If incognito mode is to help "normalize" these outliers, then it would need to be able to provide a normalized value. But that normalized value is not the same for all locations.
If we, for example, had incognito mode always return US-QWERTY layout information, than that would work well for everyone in the US and most parts of the world (which have US-QWERTY as a fallback). But it would not work for many places in Europe (e.g., UK, France, Germany) since most users in those locations would have a browser that returned UK-QWERTY, FR-AZERTY, DE-QWERTZ or whatever.
Anyway, unless we have an obvious "better" choice for incognito, the fallback of treating incognito the same as normal browsing seems to be the best course of action. Note that user agents, if desired, can always give users the option of returning a "normalized" value.