- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Thu, 3 Sep 2009 08:49:04 -0500
On Thu, Sep 3, 2009 at 7:56 AM, Ian Hickson<ian at hixie.ch> wrote: > On Mon, 31 Aug 2009, Jens Alfke wrote: >> On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote: >> > >> > We can't treat cookies and persistent storage differently, because >> > otherwise we'll expose users to cookie resurrection attacks. >> > Maintaining the user's expectations of privacy is critical. >> >> The fact that local storage can be used as a type of super-cookie >> doesn't mean the two are the same thing. > > The fact that local storage can be used for cookie resurrection means we > have to make sure that clearing one clears the other. Anything else would > be a huge privacy issue (just as Flash has been). And as Flash will continue to be, forever, in a manner that is generally opaque from the user, especially as more people lean on it for things like a halfway-dependable storage location. >> That's going to come as a shock to developers who were planning to use >> it for user-created data (whether drafts of content to be pushed to the >> cloud, or strictly-local documents.) Without this, the safe usage of >> local storage diminishes to a download cache. > > I don't see what else we can do. You could just *not* specify that LocalStorage is worthless for anything but a cache. Is there *anything* that would allow a permanent site-accessible storage solution in your mind, or is cookie resurrection a deal-killer for all time? If the latter, you're not doing anyone any favors, least of all users, as they'll still have their privacy violated but by entities other than their browser which may be more difficult to review and regulate. ~TJ
Received on Thursday, 3 September 2009 06:49:04 UTC