W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

Re: [WebSQL/IndexedDB] Privacy issues in the wild

From: Nathan Kitchen <w3c@nathankitchen.com>
Date: Wed, 8 Sep 2010 11:59:25 +0100
Message-ID: <AANLkTikfctHr+9bwyc_ue5UNOW7eDChtHdpFQVCWAFQc@mail.gmail.com>
To: Jeremy Orlow <jorlow@chromium.org>, public-webapps@w3.org
Thanks, I posted a comment on the original article to shed some light on
this. Looks like the iOS implementation either doesn't follow the
recommendations or doesn't give the user the means (information or
functionality) to prevent user tracking.

Hopefully this will stop people complaining about the spec and encourage
them take up their complaint with the vendors instead.

Cheers.

On Wed, Sep 8, 2010 at 10:51 AM, Jeremy Orlow <jorlow@chromium.org> wrote:

> On Tue, Sep 7, 2010 at 7:51 PM, Nathan Kitchen <w3c@nathankitchen.com>wrote:
>
>> Hi all.
>>
>> Stumbled across this article on Ars Technica regarding the abuse of the
>> WebSQL spec. I thought I'd share it here for a couple of reasons:
>>
>>    1. Someone might want to point out that it's part of the Offline
>>    Storage Spec, not strictly HTML5.
>>
>> HTML5 is a buzz word.  Like AJAX or LAMP.  Very few people in this world
> (should) care about precisely what spec something came from.
>
>>
>>    1. Security implications may inform some aspects of the spec.
>>
>> http://dev.w3.org/html5/webstorage/#user-tracking and
> http://dev.w3.org/html5/webdatabase/#user-tracking already addresses
> EXACTLY this.  I don't think there's anything to do from a spec standpoint.
>
>>
>>
>> Article: *Advertisers get hands stuck inside HTML5 database cookie jar* (
>> http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars
>> )
>>
>> Thanks.
>>
>> Nathan
>>
>
>
Received on Wednesday, 8 September 2010 10:59:54 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT