- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 4 Jul 2015 12:35:01 -0700
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: public-media-capture@w3.org
Received on Saturday, 4 July 2015 19:35:30 UTC
On Jul 4, 2015 3:01 AM, "Harald Alvestrand" <harald@alvestrand.no> wrote: > Seems good on first glance. Does the persistence last until cookies are > cleared? Yes. All persisted site data needs to share fate with cookies, at least the new stuff. > The only privacy consideration I can think of is that an origin can tell > whether or not the user has (since last cookie clearing) given > permission for any device in the past; I can't see an attack offhand > that can be launched based on that information that wouldn't also be > launchable by setting a cookie. We do have some inconsistency between different pieces of state. I believe that Firefox maintains history, cookies, and permissions separately. A naive implementation should be ok though. If the persisted state is dropped, but the permissions retained, the identifiers will be unstable until the API is used again. If that sounds like a problem, I don't think so, given how likely that is in practice.
Received on Saturday, 4 July 2015 19:35:30 UTC