Now that is a frightening observation. Is this creating a more persistent (pernicious?) tracking mechanism?
In that case, credentials stored by a site should last no longer than cookies. Credentials created by a user maybe can live longer. On 12 Mar 2016 04:41, "Anne van Kesteren" <[email protected]> wrote: > On Fri, Mar 11, 2016 at 6:08 PM, <[email protected]> wrote: > > That does raise the question, however, of how such a credential differs > from, say: > > > > * A cookie > > * A random nonce in localStorage/IDB > > * A non-extractable WebCrypto key > > The idea is that these are all less persistent. When you clear > storage/cookies, you don't delete password manager entries. (Which is > also why store() requires UI, if I remember correctly.) > > > -- > https://annevankesteren.nl/ > _______________________________________________ > dev-platform mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
