W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: [clear-site-data] implications on autofill / autocomplete behavior by browsers

From: Mike West <mkwst@google.com>
Date: Tue, 21 Jul 2015 06:38:01 +0200
Message-ID: <CAKXHy=dhXux0SS8HM_FR0kZmLr5H47RtjJawyA4fcpTUmKFCrw@mail.gmail.com>
To: Caleb Queern <cqueern@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Hey Caleb!

On Mon, Jul 20, 2015 at 7:03 PM, Caleb Queern <cqueern@gmail.com> wrote:
>
> "an imperative mechanism which allows web developers to instruct a user
> agent to clear a user’s locally stored data related to a host and its
> subdomains."
>

I changed this yesterday based on your earlier email to refer to a "site's"
data rather than a "user's" data. I'll probably need to rephrase it again,
since the data isn't _really_ the site's, but I hope the intent is more
clear.


> However, I don't believe the spec addresses some information that some
> browsers retain related to a host and its subdomains, as it is currently
> written. If I'm not mistaken, autofill (at least in Chrome) remembers the
> searches I run against a site.
>

Autofill and password manager data are interesting, but I don't think this
API should allow a site to remove them. I think there's a relevant
distinction between data that a site directly affects via imperative
(indexed db) or declarative (the network cache) mechanisms on the one hand,
and data that the user agent stores on a user's behalf on the other.

The latter seems outside the scope of the feature, as it should be strictly
under the user's control; I expect we'd generate data loss issues if we had
a blanket policy of removing everything the user agent knows about a
website.

I'm not suggesting that the spec needs to address this specific behavior
> but that it should be written to clarify that this example of locally
> stored data related to a host and its subdomains is or is not cleared by
> the CSD directive.
>

I'll try to be more explicit in the privacy considerations section. In
short, this doesn't intend to provide a user-facing privacy control which
would allow users to deny historical activity on a site. That's something
that's well-suited to a browser's own UI, but shouldn't be the
responsibility of the web developer.

--
Mike West <mkwst@google.com>, @mikewest

Google Germany GmbH, Dienerstrasse 12, 80331 München,
Germany, Registergericht und -nummer: Hamburg, HRB 86891, Sitz der
Gesellschaft: Hamburg, Geschäftsführer: Graham Law, Christine Elizabeth
Flores
(Sorry; I'm legally required to add this exciting detail to emails. Bleh.)
Received on Tuesday, 21 July 2015 04:38:50 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC