W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2009

[whatwg] Private browsing vs. Storage and Databases

From: Michael Nordman <michaeln@google.com>
Date: Tue, 7 Apr 2009 18:38:31 -0700
Message-ID: <fa2eab050904071838w24017446qaf736e6b55167e68@mail.gmail.com>
On Tue, Apr 7, 2009 at 6:30 PM, Brady Eidson <beidson at apple.com> wrote:
>
> On Apr 7, 2009, at 6:19 PM, Ian Fette (????????) wrote:
>
>> Yeah, but my argument is more that Incognito / Private / whatever is like
>> starting from a boot cdrom with a filesystem that's in memory.
>
> This is actually not necessarily a fact, as it has become clear that the
> different private browsing modes from the different browsers behave
> differently.
>
>> The OS isn't pretending, nobody's lying to the app, that's just the way it
>> is.
>>
>> I think Michael summarized it well -
>>
>> Copying it over and making it read-only violates privacy concerns.
>
> It depends on the intention of your private browsing mode.  My understanding
> is that Safari's private browsing mode has always been about leaving a local
> footprint on the user's computer, not about the interaction with the web.
>
>> Turning it off entirely removes functionality when it could perhaps be
>> useful
>
> Agreed.
>
>> I think that doing option 3, and perhaps providing a way for the app to
>> know that we're in this mode so it can do whatever is appropriate (saving to
>> the cloud more frequently, just not using localstorage all together,
>> whatever is right for that app) solves those problems.
>
> I agree it is valuable for a page to know this mode is in effect, and it
> would be important for plug-ins as well which is why it's being discussed on
> some plug-ins lists.
>
> But what you and Aryeh are suggesting is that LocalStorage have two modes,
> one where it violates one of it's primary purposes - that the data is
> persistent.  My suggestion is that LocalStorage have a specified failure
> mode.  I'm still leaning towards the failure mode instead of the "pretend to
> work" case.
>
> Another problem with the "reset to an empty storage area" case is this: say
> the user starts using an application and it does some things with
> LocalStorage.  Then, without leaving the application, the user realizes "Oh,
> I should be in private browsing mode" and activates it.  In one fell swoop,
> LocalStorage is reset to empty and the application is left in an
> inconsistent state.  Is that okay?
>
> I'm not saying the read-only mode is perfect, but I feel the issues with the
> "start empty, pretend to work" solutions are more severe!

Read-only mode will just plain break some sites. They won't function,
and you will not have the option of visiting them incognito... not
useful.

I'm not sure this has to be addressed in the standard. This seems like
something browser developers can address without grand unification.

>
> ~Brady
>
>
>
Received on Tuesday, 7 April 2009 18:38:31 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:11 UTC