[whatwg] Private browsing vs. Storage and Databases
Brady Eidson
beidson at apple.com
Tue Apr 7 18:30:55 PDT 2009
On Apr 7, 2009, at 6:19 PM, Ian Fette (イアンフェッティ) wrote:
> Yeah, but my argument is more that Incognito / Private / whatever is
> like starting from a boot cdrom with a filesystem that's in memory.
This is actually not necessarily a fact, as it has become clear that
the different private browsing modes from the different browsers
behave differently.
> The OS isn't pretending, nobody's lying to the app, that's just the
> way it is.
>
> I think Michael summarized it well -
>
> Copying it over and making it read-only violates privacy concerns.
It depends on the intention of your private browsing mode. My
understanding is that Safari's private browsing mode has always been
about leaving a local footprint on the user's computer, not about the
interaction with the web.
> Turning it off entirely removes functionality when it could perhaps
> be useful
Agreed.
> I think that doing option 3, and perhaps providing a way for the app
> to know that we're in this mode so it can do whatever is appropriate
> (saving to the cloud more frequently, just not using localstorage
> all together, whatever is right for that app) solves those problems.
I agree it is valuable for a page to know this mode is in effect, and
it would be important for plug-ins as well which is why it's being
discussed on some plug-ins lists.
But what you and Aryeh are suggesting is that LocalStorage have two
modes, one where it violates one of it's primary purposes - that the
data is persistent. My suggestion is that LocalStorage have a
specified failure mode. I'm still leaning towards the failure mode
instead of the "pretend to work" case.
Another problem with the "reset to an empty storage area" case is
this: say the user starts using an application and it does some things
with LocalStorage. Then, without leaving the application, the user
realizes "Oh, I should be in private browsing mode" and activates it.
In one fell swoop, LocalStorage is reset to empty and the application
is left in an inconsistent state. Is that okay?
I'm not saying the read-only mode is perfect, but I feel the issues
with the "start empty, pretend to work" solutions are more severe!
~Brady
More information about the whatwg
mailing list