[whatwg] Private browsing vs. Storage and Databases from Ian Fette on 2009-04-08 (public-whatwg-archive@w3.org from April 2009)

From: Ian Fette <ifette@google.com>
Date: Tue, 7 Apr 2009 18:11:11 -0700
Message-ID: <bbeaa26f0904071811l45164256x6d26b6c4e1da1680@mail.gmail.com>

FWIW, I think it would be helpful to expose via some manner that the user is
in an incognito/private/whatever mode, especially to plugins. (Right now
none of us can really control what plugins are doing). If we exposed that
fact, a page could check it and decide what it wants to do. To me, that
feels a lot better than just saying "No, sorry, you don't get XYZ."

2009/4/7 Ian Fette (????????) <ifette at google.com>

> On Tue, Apr 7, 2009 at 6:07 PM, Brady Eidson <beidson at apple.com> wrote:
>
>>
>> On Apr 7, 2009, at 5:50 PM, Aryeh Gregor wrote:
>>
>>>
>>> How are cookies handled right now?  Surely the issues should be pretty
>>> much the same?
>>>
>>
>> They are unspecified.  From this thread I have learned that Chrome and
>> Firefox start with no cookies.  Safari starts with a snapshot of cookies at
>> the point where the user entered private browsing mode.  I would not be
>> surprised if Opera or IE8 were subtley different from either of these two
>> approaches.
>>
>>  Option 3 is simple to implement and option 4 would difficult to implement
>>>> efficiently.  Both would lead to bizarre behavior where data that the
>>>> application thought was saved really wasn't.
>>>>
>>>
>>> I certainly can't think of how 3 could ever cause a problem.  It
>>> should be the same as the user just logging in from a computer they
>>> haven't used before, shouldn't it?
>>>
>>
>> I strongly share Jonas' concern that we'd tell web applications that we're
>> storing there data when we already know we're going to dump it later.  For 3
>> and 4 both, we're basically lying to the application and therefore the user.
>>  Imagine a scenario where a user has no network connection and unknowingly
>> left their browser in private browsing mode.  Email, documents, financial
>> transactions, etc could all be "saved" locally then later thrown away before
>> they've had a chance to sync to a server.
>>
>
> The same argument could be made for retaining cookies set during private
> browsing ;-)
>
>
>>
>>
>>  I don't think 1, 2, or 5 are good ideas, since they make localStorage
>>> semi-usable at best when privacy mode is enabled.
>>>
>>
>> Apparently Firefox plans to implement #2, and so far I'm standing by
>> WebKit choosing #5 for now.  Options 1, 2, and 5 all avoid the problem that
>> 3 and 4 have which is that we're lying about saving data we have no
>> intention to save.
>>
>> ~Brady
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090407/7d51a82f/attachment.htm>

Received on Tuesday, 7 April 2009 18:11:11 UTC