FWIW, I think it would be helpful to expose via some manner that the user is in an incognito/private/whatever mode, especially to plugins. (Right now none of us can really control what plugins are doing). If we exposed that fact, a page could check it and decide what it wants to do. To me, that feels a lot better than just saying "No, sorry, you don't get XYZ."<br>
<br><div class="gmail_quote">2009/4/7 Ian Fette (�$B%$%"%s%U%'%C%F%#�(B) <span dir="ltr"><<a href="mailto:ifette@google.com">ifette@google.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="gmail_quote"><div class="im">On Tue, Apr 7, 2009 at 6:07 PM, Brady Eidson <span dir="ltr"><<a href="mailto:beidson@apple.com" target="_blank">beidson@apple.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><br>
On Apr 7, 2009, at 5:50 PM, Aryeh Gregor wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
How are cookies handled right now? Surely the issues should be pretty<br>
much the same?<br>
</blockquote>
<br></div>
They are unspecified. From this thread I have learned that Chrome and Firefox start with no cookies. Safari starts with a snapshot of cookies at the point where the user entered private browsing mode. I would not be surprised if Opera or IE8 were subtley different from either of these two approaches.<div>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Option 3 is simple to implement and option 4 would difficult to implement<br>
efficiently. Both would lead to bizarre behavior where data that the<br>
application thought was saved really wasn't.<br>
</blockquote>
<br>
I certainly can't think of how 3 could ever cause a problem. It<br>
should be the same as the user just logging in from a computer they<br>
haven't used before, shouldn't it?<br>
</blockquote>
<br></div>
I strongly share Jonas' concern that we'd tell web applications that we're storing there data when we already know we're going to dump it later. For 3 and 4 both, we're basically lying to the application and therefore the user. Imagine a scenario where a user has no network connection and unknowingly left their browser in private browsing mode. Email, documents, financial transactions, etc could all be "saved" locally then later thrown away before they've had a chance to sync to a server.<div>
</div></blockquote><div><br></div></div><div>The same argument could be made for retaining cookies set during private browsing ;-)</div><div class="im"><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I don't think 1, 2, or 5 are good ideas, since they make localStorage<br>
semi-usable at best when privacy mode is enabled.<br>
</blockquote>
<br></div>
Apparently Firefox plans to implement #2, and so far I'm standing by WebKit choosing #5 for now. Options 1, 2, and 5 all avoid the problem that 3 and 4 have which is that we're lying about saving data we have no intention to save.<br>
<font color="#888888">
<br>
~Brady<br>
<br>
<br>
</font></blockquote></div></div><br>
</blockquote></div><br>