- From: Victor Costan <notifications@github.com>
- Date: Sat, 25 May 2019 02:55:38 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Saturday, 25 May 2019 09:56:00 UTC
@lknik I'll try to expand on the response to question 3.5 in the security and privacy questionnaire. I don't think we're exposing any new information to origins. Angle 1: Per-system quota usage (IndexedDB vs Cache Storage vs AppCache etc.) is a function of browser implementation (exposed from the user agent) and of all calls made by an origin to the respective storage APIs. The numbers summarize information that the origin already has. Angle 2: An origin that has data stored on the client (non-zero quota usage) can store a unique identifier for the user. Instead of using this new API, the origin can simply read a user ID from IndexedDB, or from Cache Storage etc. For both angles, it's worth noting that when a user wishes to be forgotten by a site and clears the site's data, all client-side storage will be wiped, and the quota details API will report zero usage from all subsystems. Does this help answer your concerns? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/365#issuecomment-495899767
Received on Saturday, 25 May 2019 09:56:00 UTC