- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 31 Aug 2009 13:36:41 -0500
On Mon, Aug 31, 2009 at 5:11 AM, Ian Hickson<ian at hixie.ch> wrote:
> On Tue, 25 Aug 2009, Jens Alfke wrote:
>>
>> I've just noticed an apparent self-contradiction in the Web Storage spec (24
>> August draft).
>>
>> Section 4.3 states:
>> > Data stored in local storage areas should be considered potentially
>> > user-critical. It is expected that Web applications will use the local
>> > storage areas for storing user-written documents.
>>
>> Section 6.1 states:
>> > User agents should present the persistent storage feature to the user in a
>> > way that does not distinguish them from HTTP session cookies.
>>
>> These statements are contradictory, because cookies don't store user-critical
>> data such as documents. The user model of cookies is that they're conveniences
>> (at best) for keeping you logged into a site or remembering preferences like
>> font-size, so deleting them is no more than an inconvenience. If local storage
>> is presented to the user as being cookies, then a user may delete it without
>> understanding the consequences.
>>
>> Potential result: "I was having trouble logging into FooDocs.com, so my friend
>> suggested I delete the cookies for that site. After that I could log in, but
>> now the document I was working on this morning has lost all the changes I
>> made! How do I get them back?"
>>
>> I suggest that the sub-section "Treating persistent storage as cookies" of
>> section 6.1 be removed.
>
> We can't treat cookies and persistent storage differently, because
> otherwise we'll expose users to cookie resurrection attacks. Maintaining
> the user's expectations of privacy is critical.
>
> So I've removed the text that says that local storage could be
> user-critical.

Outlawing persistent storage in HTML5 as a privacy mechanism does *nothing* for privacy. There are numerous methods, Flash LocalStorage in particular, that can and will be used to achieve what we developers want. These methods will be *harder* for the end-user to monitor and control, and result in privacy violations being *easier*. What you see as a reasonable step to protect privacy, we see as an admonition that we'd better get used to Flash, because it's here to stay.

~TJ
Received on Monday, 31 August 2009 11:36:41 UTC