Re: [WebSQL/IndexedDB] Privacy issues in the wild from Jeremy Orlow on 2010-09-08 (public-webapps@w3.org from July to September 2010)

From: Jeremy Orlow <jorlow@chromium.org>
Date: Wed, 8 Sep 2010 10:51:52 +0100
To: Nathan Kitchen <w3c@nathankitchen.com>
Cc: public-webapps@w3.org
Message-ID: <AANLkTi=KA89arqT5+R50iWsuuqu+R3-1c=u4KBQ8JG4Z@mail.gmail.com>

On Tue, Sep 7, 2010 at 7:51 PM, Nathan Kitchen <w3c@nathankitchen.com>wrote:

> Hi all.
>
> Stumbled across this article on Ars Technica regarding the abuse of the
> WebSQL spec. I thought I'd share it here for a couple of reasons:
>
>    1. Someone might want to point out that it's part of the Offline
>    Storage Spec, not strictly HTML5.
>
> HTML5 is a buzz word.  Like AJAX or LAMP.  Very few people in this world
(should) care about precisely what spec something came from.

>
>    1. Security implications may inform some aspects of the spec.
>
> http://dev.w3.org/html5/webstorage/#user-tracking and
http://dev.w3.org/html5/webdatabase/#user-tracking already addresses EXACTLY
this.  I don't think there's anything to do from a spec standpoint.

>
>
> Article: *Advertisers get hands stuck inside HTML5 database cookie jar* (
> http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars
> )
>
> Thanks.
>
> Nathan
>

Received on Wednesday, 8 September 2010 09:53:50 UTC