- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 14 Jun 2019 07:19:24 -0700
- To: whatwg/storage <storage@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 14 June 2019 14:19:47 UTC
annevk commented on this pull request. > +<h2>Security and Privacy Considerations</h2> + +<h3>Exposing new data</h3> +Global quota usage is a function of all calls made by an origin to the respective +storage APIs. The number summarizes information that the origin already has +An origin can monitor the change in total quota with every +storage API call to keep a running total. + +<h3>User identification and tracking</h3> +An origin that has data stored on the client (non-zero quota usage) can store a +unique identifier for the user. Instead of using this new API, the origin can +simply read a user ID from IndexedDB, or from Cache Storage etc. In other words, +the new API does not make it any easier to identify or track users. + +<h3>Padding Opaque Responses</h3> +TODO: Recommend padding for opaque responses. This is quite important to add if we're going to say anything at all, in particular as it contradicts some of the information stated above. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/storage/pull/72#pullrequestreview-249931450
Received on Friday, 14 June 2019 14:19:47 UTC