W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2009

[whatwg] Web Storage: apparent contradiction in spec

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 14 Sep 2009 07:34:42 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0909140721490.14605@hixie.dreamhostps.com>
On Thu, 3 Sep 2009, Tab Atkins Jr. wrote:
> >
> > Flash's privacy problem can be removed by uninstalling Flash. They're 
> > not a license to add more privacy problems to the platform.
> 
> And more-than-a-cache-Storage can be explicitly turned off or have its 
> quota dropped to zero.  If that's important, the browsers will make it 
> easy.  And more importantly, they'll make it *consistent* (within the 
> browser), rather than the user having to figure out how to do it within 
> Flash, then possibly within the next technology that hacks around this 
> lack in browser technology, and the next one...
>
> > But I'm not speccing something that so blatently allows users to be 
> > tracked without their consent -- and worse -- despite their attempts 
> > to stop it.
> 
> It doesn't 'allow users to be tracked without their consent' any more 
> than cookies by themselves do.

It's the second part that's the problem.


> If this is important, browsers will expose the ability to blow away all 
> of a site's storages at once.

Right, that's what the spec encourages.


> You're seem to be assuming that either permanent Storage is *really* 
> permanent, or that browsers will never expose a way to delete that data 
> to the user (which amounts to the same).

Then I'm not expressing myself way. My concern is just that users will not 
realise that clearing away cookies doesn't stop sites from tracking them 
as it used to.


> Would an approach like the <input type=save> be okay, where the user has 
> to explicitly take an action to enable permanent Storage for a site the 
> first time?

There are plenty of use cases where there's nothing to explicitly save, so 
no, I don't think that would work.


> That makes simple navigation exactly as safe as it is today, where 
> cookies can leak privacy but they can be wiped. You have to actively opt 
> in to reducing your privacy.  I *want* to be able to reduce my privacy 
> for sites that I trust.

Nothing is stopping you, is it?


On Thu, 3 Sep 2009, Peter Kasting wrote:
> On Thu, Sep 3, 2009 at 5:17 PM, Ian Hickson <ian at hixie.ch> wrote:
> > On Thu, 3 Sep 2009, Peter Kasting wrote:
> > >
> > > Something like this would be more clear: "If users attempt to 
> > > protect their privacy by clearing cookies without also clearing 
> > > persistent storage data, sites can defeat those attempts by using 
> > > the two features as redundant backup for each other.  User agents 
> > > should present the interfaces for clearing these in a way that helps 
> > > users to understand this possibility and enables them to delete data 
> > > in both simultaneously."
> > >
> > > IMO this achieves what you're trying for while leaving the actual UI 
> > > design as open as possible.
> >
> > Do you mean this as a repalcement or in addition to what's in the spec 
> > now?
> 
> Replacement.

Ok, done.


> > For the Cookie Resurrection section or the User Tracking section?
> 
> Cookie resurrection section.  Although because the comments in both 
> sections are so similar, I'm not sure I see value in having two 
> sections.  Just having one, which has this text, seems fine.

Merged them together.

Cheers,
-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 14 September 2009 00:34:42 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:52 UTC