[whatwg] Private browsing vs. Storage and Databases from Drew Wilson on 2009-04-08 (public-whatwg-archive@w3.org from April 2009)

From: Drew Wilson <atwilson@google.com>
Date: Wed, 8 Apr 2009 09:52:45 -0700
Message-ID: <f965ae410904080952k5720aa1fjd87a2a4155d4af3d@mail.gmail.com>

Tab expressed my thoughts on this issue much better than I ever could. I did
want to follow up with a couple of notes.

I think the #1 goal for incognito mode has to be "maximum compatibility" -
let sites continue to work, which kills options #1 & 2.
A secondary goal for incognito mode would be "don't let sites know the user
is in incognito mode" - this kills approach #1 and #5, and possibly #2
(depending on whether there are significant non-incognito use cases that
also have 0 local storage quota).

Given those goals, it seems like it leaves items #3 and #4 as the only
reasonable solutions. Yes, you can construct tortured scenarios where the
user enters data *while in incognito mode* which he expects to continue to
persist beyond incognito mode - I just don't see this as a serious problem.

-atw

On Tue, Apr 7, 2009 at 7:28 PM, Tab Atkins Jr. <jackalmage at gmail.com> wrote:

>
> Having read the thread, as both a user and an amateur author, I think
> #3 or #4 are the most reasonable.  All of the others are going to
> break sites and provide bad user experiences.
>
> There's really no way to argue this.  Most authors are idiots (just
> like most users are idiots).  They'll use exactly as much of a feature
> as they need, and nothing more.  They won't read standards, and they
> won't check for errors.  #1 will *obviously* break things, especially
> if accesses to LocalStorage throw during private browsing.  #5 will
> put applications in an inconsistent state pretty quickly, as they
> assume their writes were successful.  #2 is probably the most
> pernicious, as it will bite users hardest when the author is *just*
> smart enough to do some basic error checking (such as testing for
> quota size) before they start to use LocalStorage.
>
> Those three, each in their own way, feel more technically correct than
> #3 and #4, and so I perfectly understand why they seem attractive to
> implementors.  But they *will* cause serious problems for users, and
> they *will* prevent people from using private browsing on
> badly-designed LocalStorage/Database-using sites (which will be a
> large percentage of them).
>
> #3 and #4 are the realistic solutions here, both of which address the
> problem while acknowledging the limitations of common author
> abilities.  Which one is chosen is largely a matter of preference, and
> aren't that significant.
>
> ~TJ
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090408/713c2170/attachment.htm>

Received on Wednesday, 8 April 2009 09:52:45 UTC