- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 14 Sep 2009 07:38:31 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/webstorage In directory hutz:/tmp/cvs-serv4630 Modified Files: Overview.html Log Message: Tidy up the cookie resurrection text. (whatwg r3838) Index: Overview.html =================================================================== RCS file: /sources/public/html5/webstorage/Overview.html,v retrieving revision 1.75 retrieving revision 1.76 diff -u -d -r1.75 -r1.76 --- Overview.html 8 Sep 2009 21:58:33 -0000 1.75 +++ Overview.html 14 Sep 2009 07:38:29 -0000 1.76 @@ -265,8 +265,7 @@ <li><a href="#privacy"><span class="secno">6 </span>Privacy</a> <ol> <li><a href="#user-tracking"><span class="secno">6.1 </span>User tracking</a></li> - <li><a href="#cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</a></li> - <li><a href="#sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</a></ol></li> + <li><a href="#sensitivity-of-data"><span class="secno">6.2 </span>Sensitivity of data</a></ol></li> <li><a href="#security"><span class="secno">7 </span>Security</a> <ol> <li><a href="#dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</a></li> @@ -676,14 +675,17 @@ <dt>Treating persistent storage as cookies</dt> <dd> - <p>User agents should present the + <p>If users attempt to protect their privacy by clearing cookies + without also clearing data stored in the + - persistent storage feature - to the user in a way that associates them strongly with HTTP - session cookies. <a href="#refsCOOKIES">[COOKIES]</a></p> + persistent storage - <p>This might encourage users to view such storage with healthy - suspicion.</p> + feature, sites can defeat those attempts by using the two features + as redundant backup for each other. User agents should present the + interfaces for clearing these in a way that helps users to + understand this possibility and enables them to delete data in all + persistent storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p> </dd> 
@@ -741,12 +743,7 @@ retroactively). This information can then be shared with other sites, using using visitors' IP addresses and other user-specific data (e.g. user-agent headers and configuration settings) to combine - separate sessions into coherent user profiles.<h3 id="cookie-resurrection"><span class="secno">6.2 </span>Cookie resurrection</h3><p>If the user interface for persistent storage presents data in the - persistent storage features described in this specification - separately from data in HTTP session cookies, then users are likely - to delete data in one and not the other. This would allow sites to - use the two features as redundant backup for each other, defeating a - user's attempts to protect his privacy.<h3 id="sensitivity-of-data"><span class="secno">6.3 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially + separate sessions into coherent user profiles.<h3 id="sensitivity-of-data"><span class="secno">6.2 </span>Sensitivity of data</h3><p>User agents should treat persistently stored data as potentially sensitive; it's quite possible for e-mails, calendar appointments, health records, or other confidential documents to be stored in this mechanism.<p>To this end, user agents should ensure that when deleting data,
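Review bot: In the @@ -676,14 +675,17 @@ hunk, the new paragraph first sets cookies apart from "the persistent storage feature" and then asks user agents to let users "delete data in all persistent storage features simultaneously", which leaves it unclear whether cookies are covered by that last phrase. The paragraph's whole argument is that clearing one store without the other is ineffective, so the recommendation should name both stores explicitly, for example "delete cookies and data in the persistent storage feature simultaneously".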
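Review bot: In the @@ -741,12 +743,7 @@ hunk, removing the heading with id="cookie-resurrection" drops that fragment identifier from the document, so any existing link to #cookie-resurrection loses its target, and "Sensitivity of data" is renumbered from 6.3 to 6.2. If the fragment may be referenced from elsewhere, consider keeping the id on the "Treating persistent storage as cookies" entry that now carries this text. The unchanged context line in this hunk also reads "using using visitors' IP addresses", a duplicated word that could be fixed in the same pass.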
Received on Monday, 14 September 2009 07:38:42 UTC