On Aug 31, 2009, at 11:12 AM, Jeremy Orlow wrote:
On Mon, Aug 31, 2009 at 11:01 AM, Jens Alfke <[email protected]> wrote:
On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:
We can't treat cookies and persistent storage differently, because
otherwise we'll expose users to cookie resurrection attacks.
Maintaining
the user's expectations of privacy is critical.
The fact that local storage can be used as a type of super-cookie
doesn't mean the two are the same thing. Yes, obviously if I give a
website permission to put 50MB of stuff on my disk, it can use 1k of
that as a type of cookie if it wants. That's just one of many
reasons why user agents should require user approval for letting a
domain access local storage.
That does not mean that the "Delete Cookies" menu command should
also delete local storage. Users often delete cookies to resolve
login issues (I've had to do this with Google websites several
times). Conflating the two can lead to disasters like "I told you to
delete my COOKIES! Not my EMAIL DRAFTS that I was trying to log in
to send!"
Agreed.
So I've removed the text that says that local storage could be user-
critical.
That's going to come as a shock to developers who were planning to
use it for user-created data (whether drafts of content to be pushed
to the cloud, or strictly-local documents.) Without this, the safe
usage of local storage diminishes to a download cache.
Yes, this is pretty disconcerting since there's been OVERWHELMING
support for LocalStorage being treated as user-critical on this
thread.
Thirded.
I will state again that I've been told face-to-face by multiple
developers: If there is a perception that Flash's LocalStorage is
deemed more "user critical" and therefore "safer" than HTML5's
LocalStorage, they'll continue to instantiate Flash instead of using
the HTML5/WebStorage mechanism. "Supercookies" will continue to exist
in the Flash-ether and continue to be hidden from browser-view.
/me sheds a tear.
~Brady
