- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Thu, 3 Sep 2009 10:20:35 -0400
On Thu, Sep 3, 2009 at 8:56 AM, Ian Hickson<ian at hixie.ch> wrote: > The fact that local storage can be used for cookie resurrection means we > have to make sure that clearing one clears the other. Anything else would > be a huge privacy issue (just as Flash has been). The *only* reason Flash is a privacy issue is because there's no easy way for users to clear its storage. The issue here isn't the technical details of how the storage works, but the UI. Adobe, for whatever reason, has chosen not to bother with helping Flash users preserve their privacy, and because of lock-in, browser vendors are unable to do anything about it. All major browser vendors have a track record of going to great lengths to ensure that their users' privacy is protected from third-party websites. I think it's safe to say they'll compete to create good UI in this case -- even if technically, the functionality of HTML 5 localStorage is identical to that of Flash local storage. The spec doesn't need to try specifying UI here (especially since it seems like it will be ignored). > Not necessarily indistuingushable, but the point is that the user > should have a clear indication that just clearing cookies is pointless if > the rest of the site's data isn't cleared also. Users might wish to clear their cookies for reasons other than privacy, such as because they're having login problems.
Received on Thursday, 3 September 2009 07:20:35 UTC