- From: Jens Alfke <snej@google.com>
- Date: Mon, 31 Aug 2009 12:34:06 -0700
On Aug 31, 2009, at 11:58 AM, Boris Zbarsky wrote: > It's controversial because, no offense, browser developers don't > trust the website author, nor should the users. At least to a first > approximation. Over on another thread of this list we've already been talking about the need to get the user's permission before a site can use [more than a certain minimum of] local storage. So that implies the user expressing a degree of trust in the site, at least enough trust to let it use a sliver of her hard disk. I agree that if an app is just storing a few kbytes of local storage without the user's informed consent, that's just the moral equivalent of a cookie and ought to be treated as such. > We could restrict local storage to explicitly trusted sites and then > not treat it as cookies; would that be preferable? It might be. That would be fine. The problem is that this seems to require an API change to allow the site to distinguish between "persistent storage I'm just using quietly as a cookie", and "persistent storage I want to be able to store larger amounts of possibly user-critical data in". ?Jens
Received on Monday, 31 August 2009 12:34:06 UTC