[whatwg] Private browsing vs. Storage and Databases from Brady Eidson on 2009-04-08 (public-whatwg-archive@w3.org from April 2009)

From: Brady Eidson <beidson@apple.com>
Date: Tue, 07 Apr 2009 18:30:55 -0700
Message-ID: <EDCF364B-CF4B-427F-99AB-B30E1A397F3F@apple.com>

On Apr 7, 2009, at 6:19 PM, Ian Fette (????????) wrote:

> Yeah, but my argument is more that Incognito / Private / whatever is  
> like starting from a boot cdrom with a filesystem that's in memory.

This is actually not necessarily a fact, as it has become clear that  
the different private browsing modes from the different browsers  
behave differently.

> The OS isn't pretending, nobody's lying to the app, that's just the  
> way it is.
>
> I think Michael summarized it well -
>
> Copying it over and making it read-only violates privacy concerns.

It depends on the intention of your private browsing mode.  My  
understanding is that Safari's private browsing mode has always been  
about leaving a local footprint on the user's computer, not about the  
interaction with the web.

> Turning it off entirely removes functionality when it could perhaps  
> be useful

Agreed.

> I think that doing option 3, and perhaps providing a way for the app  
> to know that we're in this mode so it can do whatever is appropriate  
> (saving to the cloud more frequently, just not using localstorage  
> all together, whatever is right for that app) solves those problems.

I agree it is valuable for a page to know this mode is in effect, and  
it would be important for plug-ins as well which is why it's being  
discussed on some plug-ins lists.

But what you and Aryeh are suggesting is that LocalStorage have two  
modes, one where it violates one of it's primary purposes - that the  
data is persistent.  My suggestion is that LocalStorage have a  
specified failure mode.  I'm still leaning towards the failure mode  
instead of the "pretend to work" case.

Another problem with the "reset to an empty storage area" case is  
this: say the user starts using an application and it does some things  
with LocalStorage.  Then, without leaving the application, the user  
realizes "Oh, I should be in private browsing mode" and activates it.   
In one fell swoop, LocalStorage is reset to empty and the application  
is left in an inconsistent state.  Is that okay?

I'm not saying the read-only mode is perfect, but I feel the issues  
with the "start empty, pretend to work" solutions are more severe!

~Brady

Received on Tuesday, 7 April 2009 18:30:55 UTC