I am extending the scope of the question a bit, as clicking panic button does guarantee the user will not be caught.
There are multiple concerns in this problem that needs to be issued depending on the risk and how compute literate is the user.
As such, it might be a good idea to give the user some basic security knowledge in the friendliest way possible. Even though the user is under high stress, it is better for them to know what traces they can leave behind.
Traces
Browsing History
At any time the user uses your website without private browsing, it will leave very obvious traces. There is no proper way of detecting if the browser in running in private mode, but you can have a warning in the entrance that they should be switching to the private mode, as well as deleting the current history of entry. You can prepare some screenshots to for the user to follow to delete the history, (or if available, deleting only the entry to the site)
Cookies
If you make use of cookies, the next person can get those cookies (even though they are expired), and can understand that this site has been used. If you can, make use of custom headers for authorization, which will leave no trace in the computer.
This can force you to change the structure of the application which might not be a good idea. Only setting cookies in the browser after you make sure the user is using a private browsing session.
Caching
A tech-savy person can detect if the site has been visited if you make use of caching by opening the page and inspecting network. Make sure you explicitly instruct browser not to cache by using those headers in your responses:
'Cache-Control: no-cache, no-store, must-revalidate'
'Pragma: no-cache'
'Expires: 0'
Back button
Upon changing pages, every page will be put in the current history (even in the private browsing session), allowing back button be used. If you can, make use of replaceState
on every page change so that back button will be broken.
Encryption
Use HTTPS to prevent eavesdropping. Note that DNS queries will still go unencrypted, but I don't think this will be a problem unless the user are leaking governmental stuff. If that's the case, a website wouldn't be safe enough anyway.
In general, those should be sufficient to remove the traces, also make sure you are not using other persistence layers like localStorage
.
Panic Button
This is a totally different problem and we need to include multiple things into our calculation.
First off, if this is a life threatening scenario, we must understand that the user will be under utter stress when they need to launch the panic exit
. We don't know how the computer screen is positioned, and we cannot guess what is the user doing in the time of the panic.
Screen Positioning Issues
The worst case would be that the screen would be positioned in a way that threat can see (from a distance) the screen and the site. If that is the case, the site should be designed in a way that it will look very similar to the exit site
in order to remove any suspicion. Moving away from a different design to white Google will be noticeable even the screen is not directly visible by just comparing the colors that the screen was emitting between two sites (in a reasonably dark room).
Exit Speed
If you just make a redirect, it might not be fast enough to make the change in time. You must preload the exit side in an iframe, and in the time of panic, you should put that in full screen, then make the redirection. This will both help on caching the exit sites static contents, and make the things look faster. Make sure you use replaceState
instead of natural navigation to disable back button.
Exit Routes
You must make sure that the exit routes will be available immediately and easily for the user to hit. I think the most possible two states are either the user is typing, or the user is navigating. Which means you should have both keyboard shortcut for exit and a big button in your HTML.
Keyboard Exit
I think using either hitting the ESC key twice should trigger it, or holding one of the big keys should (like space or enter). Either way, you should let the user know about this, and possibly, let them train themselves by trying.
Trying panic exits will both help them in anticipating behaviour on panic to make a good reasoning (Having the behaviour expected could be relieving), and they will be trained to do so, such that they will be more likely to do it properly in the panic time.
Mouse Exit
This is going to be pretty straightforward, have a big, different colored button that will trigger the panic.
Where to Exit?
That depends on the case, by design it might be sensible to make a redirect to a commonly used, similarly designed site by default. It might also be sensible to allow the user to choose the exit site by themselves (after making a sane default).
Notes
- If the user is using private browsing and panics, the browser will still be on private browsing state, which might arouse suspicion. There is no easy way around it. You can try to instruct user to clear the history afterwards, but they might not have enough time for it.
- Most of the answer focuses on desktop browsers, the experience on a mobile device will be different, but not very much.