On 2014-05-20, 6:43 PM, Jonas Sicking wrote:
On Tue, May 20, 2014 at 2:33 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:
But I believe that that would be a pretty crappy private browsing
feature which I don't think anyone here would argue for.

Private browsing is mainly about giving you a new, throw-away,
identity. The throw-away part is why we don't allow storing data. The
reason we have a separate cookie jar is in order to implement the
"new" part.

That was actually an unintended use case which was enabled as a side-effect
of the cookie jar separation.  We never really designed PB for this.

Whatever the reason we did this originally was, I believe that we
would have had a mostly useless private-browsing feature if we had not
created a new blank cookie-jar for private browsing.

I really do believe that private browsing must create a "new,
throw-away" profile. Anything else will be mostly useless to users.

We're diverging from the topic of this thread, but to me, that's an implementation detail as long as we ensure that the users' activity in PB mode doesn't "leak" into their normal session.

They don't care if Google didn't technically create any new cookies,
if "wedding ring" shows up in the user's search history due to a
search done in private browsing, they will be very disappointed.

That's true, and it's the reason why we made this choice for handling cookies. As long as we ensure that the channel opened to deliver the ping from <a ping> inherits the correct privacy settings, it should work fine with the rest of the stack, ensuring that your non-private cookies are not sent alongside the ping, the ping doesn't get cached to disk, etc.

Cheers,
Ehsan
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
