W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2009

[whatwg] Web Storage: apparent contradiction in spec

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 3 Sep 2009 22:33:56 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0909032227120.10423@hixie.dreamhostps.com>
On Thu, 3 Sep 2009, Tab Atkins Jr. wrote:
> On Thu, Sep 3, 2009 at 7:56 AM, Ian Hickson<ian at hixie.ch> wrote:
> > On Mon, 31 Aug 2009, Jens Alfke wrote:
> >> On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:
> >> >
> >> > We can't treat cookies and persistent storage differently, because 
> >> > otherwise we'll expose users to cookie resurrection attacks. 
> >> > Maintaining the user's expectations of privacy is critical.
> >>
> >> The fact that local storage can be used as a type of super-cookie 
> >> doesn't mean the two are the same thing.
> >
> > The fact that local storage can be used for cookie resurrection means 
> > we have to make sure that clearing one clears the other. Anything else 
> > would be a huge privacy issue (just as Flash has been).
> 
> And as Flash will continue to be, forever, in a manner that is generally 
> opaque from the user, especially as more people lean on it for things 
> like a halfway-dependable storage location.

On Thu, 3 Sep 2009, Aryeh Gregor wrote:
> 
> The *only* reason Flash is a privacy issue is because there's no easy
> way for users to clear its storage.  The issue here isn't the
> technical details of how the storage works, but the UI.  Adobe, for
> whatever reason, has chosen not to bother with helping Flash users
> preserve their privacy, and because of lock-in, browser vendors are
> unable to do anything about it.  All major browser vendors have a
> track record of going to great lengths to ensure that their users'
> privacy is protected from third-party websites.  I think it's safe to
> say they'll compete to create good UI in this case -- even if
> technically, the functionality of HTML 5 localStorage is identical to
> that of Flash local storage.  The spec doesn't need to try specifying
> UI here (especially since it seems like it will be ignored).

Indeed.

Flash's privacy problem can be removed by uninstalling Flash. They're not 
a license to add more privacy problems to the platform.


On Thu, 3 Sep 2009, Tab Atkins Jr. wrote:
> On Thu, Sep 3, 2009 at 7:56 AM, Ian Hickson<ian at hixie.ch> wrote:
> > On Mon, 31 Aug 2009, Jens Alfke wrote:
> >>
> >> That's going to come as a shock to developers who were planning to use
> >> it for user-created data (whether drafts of content to be pushed to the
> >> cloud, or strictly-local documents.) Without this, the safe usage of
> >> local storage diminishes to a download cache.
> >
> > I don't see what else we can do.
> 
> You could just *not* specify that LocalStorage is worthless for anything 
> but a cache.  Is there *anything* that would allow a permanent 
> site-accessible storage solution in your mind, or is cookie resurrection 
> a deal-killer for all time?

The latter.


> If the latter, you're not doing anyone any favors, least of all users, 
> as they'll still have their privacy violated but by entities other than 
> their browser which may be more difficult to review and regulate.

If Adobe wants to violate their users' privacy, that's their prerogative. 
But I'm not speccing something that so blatently allows users to be 
tracked without their consent -- and worse -- despite their attempts to 
stop it.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 3 September 2009 15:33:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:52 UTC