- From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
- Date: Fri, 11 Mar 2016 08:41:13 +0000
- To: public-media-capture-logs@w3.org
Re cookies and persistent storage, as the [Web storage spec](https://html.spec.whatwg.org/multipage/webstorage.html#privacy) states: > Treating persistent storage as cookies > > If users attempt to protect their privacy by clearing cookies without also clearing data stored in the local storage area, sites can defeat those attempts by using the two features as redundant backup for each other. User agents should present the interfaces for clearing these in a way that helps users to understand this possibility and enables them to delete data in all persistent storage features simultaneously. In practice, we already have [text to that effect for `deviceId`](http://w3c.github.io/mediacapture-main/getusermedia.html#widl-MediaDeviceInfo-deviceId): > Since deviceId may persist across browsing sessions and to reduce its potential as a fingerprinting mechanism, deviceId is to be treated as other persistent storage mechanisms such as cookies So I think we "just" need to remove the binding to permission grant and browsing session and should be good. -- GitHub Notification of comment by dontcallmedom Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/322#issuecomment-195258989 using your GitHub account
Received on Friday, 11 March 2016 08:41:15 UTC