Re: Leakage of amount of storage used

2017-06-29 Thread Tim Huang 
On Thu, Jun 29, 2017 at 11:08 AM, Anne van Kesteren 
wrote:

> Persistent storage gets the global quota. We also expose the local
> quota (that of the origin). That means that by filling up space you
> can determine how much space all other origins take up together.
>
> Persistent storage for an origin is user opt-in through a dialog (and
> maybe "add to homescreen/new tab" at some point in the future).
>
> Presumably we already have this leak with a proprietary extension to
> IndexedDB that enables persistent storage (though slightly different
> in nature; it's not bound by the global quota but by disk space).
>
> This data could be used for fingerprinting.
>
> Is this acceptable or should we seek to actively avoid it somehow?
> E.g., by limiting persistent storage to an amount less than the global
> quota.
>
>
If this is the problem that was described in
https://github.com/whatwg/storage/issues/31

Yes, we are trying to solve this problem right now. There is a bug, Bug
1290481 , has been
opened for tackling this issue.


> --
> https://annevankesteren.nl/
> ___
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
>



-- 
Tim Huang
Mozilla Taiwan
email:tihu...@mozilla.com
phone:+886-2-8786-1100#402
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Leakage of amount of storage used

2017-06-29 Thread Anne van Kesteren 
Persistent storage gets the global quota. We also expose the local
quota (that of the origin). That means that by filling up space you
can determine how much space all other origins take up together.

Persistent storage for an origin is user opt-in through a dialog (and
maybe "add to homescreen/new tab" at some point in the future).

Presumably we already have this leak with a proprietary extension to
IndexedDB that enables persistent storage (though slightly different
in nature; it's not bound by the global quota but by disk space).

This data could be used for fingerprinting.

Is this acceptable or should we seek to actively avoid it somehow?
E.g., by limiting persistent storage to an amount less than the global
quota.


-- 
https://annevankesteren.nl/
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform