[russley]

I think a lot of it has to do with consumer expectations. We can all sit here and laugh and act unsurprised, but technology has conditioned users that the response isn't sent until you press "Send". Its bad (and I'd argue harmful) UX.

Imagine this scenario: Copying and pasting a debug log, realizing it contains personal or important information (such as password, SSN, or anything else) and it is sent to the agent before you have a chance to redact that info. Or it could be accidentally pasting the wrong thing. I know that I've accidentally pasted Twitter links into my code before.

EDIT: Just to clarify my point. If you're going to break deeply entrenched user expectations, especially in ways that are often used maliciously: explicitly say you are subverting those expectations.

The same reason there are "This call may be recorded" messages when calling in, it shouldn't hurt much to add a "For quality assurance purposes, your keypresses may be logged in the chat window".

And if it does hurt, then you should realize your subversion is malicious.

[abugheratwork]

I think you're right. I also think the browser, as your agent, should enforce expectations. "This website wants to upload data. Allow? [Once] [Always] [No] [Click here to see the data.]"

[slavik81]

Unfortunately, you'd have to prohibit downloads as well, as the request sent to the server could contain information.

[bradknowles]

Of course it's malicious. But it's so profitable!