- From: Drew Wilson <atwilson@google.com>
- Date: Mon, 27 Dec 2010 19:55:07 -0800
- To: Glenn Maynard <glenn@zewt.org>
- Cc: Joćo Eiras <joao.eiras@gmail.com>, public-webapps@w3.org
- Message-ID: <AANLkTin3LHFpiyWbp59LeVr8G62do0c8RERR4HUvTp5p@mail.gmail.com>
FWIW, the Chrome team has come down pretty hard on the side of not ever leaking to apps that the user is in incognito mode, for precisely the reasons described previously. Incognito mode loses much of its utility if pages are able to screen for it and block access. I do think there's a user education burden that isn't entirely being met yet, though - the Chrome documentation doesn't really talk about local storage, for example. But I don't think that pushing this responsibility onto individual web applications is the right solution. -atw On Mon, Dec 27, 2010 at 5:45 PM, Glenn Maynard <glenn@zewt.org> wrote: > (Note that this is from a ticket; the OP probably won't see replies here.) > > On Mon, Dec 27, 2010 at 7:46 PM, Joćo Eiras <joao.eiras@gmail.com> wrote: > > When the user open a tab in private mode, he/she knows that data will not > be > > stored, therefore there is no need for the webpage to reiterate that. It > > would be awkward to expect each and every webpage that requires storage > to > > warn the user, while it should be the user agent that would properly help > > the user manage his/her data. > > Users won't completely understand what "privacy mode" does; what data > can't be stored and what can. If you log into Gmail in "privacy > mode", does that mean that your saved drafts will be stored, or lost? > That depends on whether they're stored on the server or in (for > example) localStorage, a distinction no ordinary user can be expected > to understand. If Gmail uses localStorage to save drafts (it > doesn't), it should definitely be able to tell the user: "warning, > your saved drafts will be lost at the end of your browser session > because your browser is configured not to keep this data around", or > to change storage mechanisms. > > The alternative is ugly--users spending half an hour writing a mail, > saving a draft, and having it silently lost, because they expected > privacy mode to prevent their login cookie to be discarded, not their > drafts. This means that even if localStorage is appropriate for a > particular use, the dangers of angry, confused users may make it > unacceptable. > > I don't like the idea of a "not persistant" attribute: although I > don't personally find the transparency argument convincing, I'm pretty > sure that even if the spec requires having such an attribute, browsers > will ignore it. That seems worse than not having it at all. > > My first impression was that privacy mode should simply disable these > interfaces (as the current Web Storage editor's draft seems to > require, though as I mentioned before it's unclear), but that's no > good for IndexedDB, which is very useful even if it's not persistant. > I don't know the right answer in general. > > -- > Glenn Maynard > >
Received on Tuesday, 28 December 2010 03:55:38 UTC