Re: [Bug 11606] New: wanted: awareness of non-persistent web storage from Glenn Maynard on 2010-12-28 (public-webapps@w3.org from October to December 2010)

From: Glenn Maynard <glenn@zewt.org>
Date: Mon, 27 Dec 2010 20:45:51 -0500
To: João Eiras <joao.eiras@gmail.com>
Cc: public-webapps@w3.org
Message-ID: <AANLkTimmQr+Q2dW4oGdEmyeyCfPq-5Naprf1zMCB2hB1@mail.gmail.com>

(Note that this is from a ticket; the OP probably won't see replies here.)

On Mon, Dec 27, 2010 at 7:46 PM, João Eiras <joao.eiras@gmail.com> wrote:
> When the user open a tab in private mode, he/she knows that data will not be
> stored, therefore there is no need for the webpage to reiterate that. It
> would be awkward to expect each and every webpage that requires storage to
> warn the user, while it should be the user agent that would properly help
> the user manage his/her data.

Users won't completely understand what "privacy mode" does; what data
can't be stored and what can.  If you log into Gmail in "privacy
mode", does that mean that your saved drafts will be stored, or lost?
That depends on whether they're stored on the server or in (for
example) localStorage, a distinction no ordinary user can be expected
to understand.  If Gmail uses localStorage to save drafts (it
doesn't), it should definitely be able to tell the user: "warning,
your saved drafts will be lost at the end of your browser session
because your browser is configured not to keep this data around", or
to change storage mechanisms.

The alternative is ugly--users spending half an hour writing a mail,
saving a draft, and having it silently lost, because they expected
privacy mode to prevent their login cookie to be discarded, not their
drafts.  This means that even if localStorage is appropriate for a
particular use, the dangers of angry, confused users may make it
unacceptable.

I don't like the idea of a "not persistant" attribute: although I
don't personally find the transparency argument convincing, I'm pretty
sure that even if the spec requires having such an attribute, browsers
will ignore it.  That seems worse than not having it at all.

My first impression was that privacy mode should simply disable these
interfaces (as the current Web Storage editor's draft seems to
require, though as I mentioned before it's unclear), but that's no
good for IndexedDB, which is very useful even if it's not persistant.
I don't know the right answer in general.

-- 
Glenn Maynard

Received on Tuesday, 28 December 2010 01:46:24 UTC