[whatwg] Private browsing vs. Storage and Databases
jorlow at google.com
Tue Apr 7 19:09:21 PDT 2009
2009/4/7 Jonas Sicking <jonas at sicking.cc>
> 2009/4/7 Ian Fette (イアンフェッティ) <ifette at google.com>:
> > 2009/4/7 Jonas Sicking <jonas at sicking.cc>
> >> 2009/4/7 Ian Fette (イアンフェッティ) <ifette at google.com>:
> >> > In Chrome/Chromium, "incognito" mode is basically a new profile that
> >> > in
> >> > memory (plus or minus... the cache will never get written out to disk,
> >> > although of course the memory pages could get swapped out and hit the
> >> > disk
> >> > that way...). The implication is that, for many of these features,
> >> > things
> >> > could just naturally get handled. That is, whilst the session is
> >> > pages can still use a database / local storage / ... / and at the end
> >> > the
> >> > session, when that profile is deleted, things will go away. I
> >> > like that approach, as there may be legitimate reasons to want to use
> >> > database even for just a single session. (Perhaps someone wants to
> >> > a
> >> > spreadsheet and the spreadsheet app wants to use a database on the
> >> > client as
> >> > a backing store for fast edits, I don't know...). I just don't like
> >> > idea
> >> > of saying "Sorry, incognito/private/... means a class of pages won't
> >> > work"
> >> > if there's no reason it has to be that way.
> >> > In short, I would prefer something closest to Option 3. It lets pages
> >> > just
> >> > work, but respects the privacy wishes of the user. (AppCache /
> >> > persistent
> >> > workers are the one exception where I think Option3 doesn't apply and
> >> > need to figure something out.)
> >> I do agree that there's still need for storing data while in private
> >> browsing mode. So I do think it makes a lot of sense for
> >> .sessionStorage to keep working.
> >> But I do have concerned about essentially telling a website that we'll
> >> store the requested data, only to drop it on the floor as soon as the
> >> user exits private browsing mode (or crashes).
> >> / Jonas
> > Doesn't the website have to handle that anyways? I mean, I assume that
> > the browsers are going to allow users some way to "manage" this stuff,
> > like cache/cookies - e.g. you have to assume that at some point in time
> > user is going to blow you away. (Especially on mobile devices where space
> > more of a premium...)
> It's different in that the user managing his data is an explicit
> action on the users part. I.e. the user has to go to a place in the UA
> and click a 'clear data' button. Users are more likely to expect that
> this results in a half composed message disappearing than if the same
> thing happens when exiting private browsing mode.
> I think :)
If a user is in private browsing mode typing up a message, they should
definitely not expect it to be there when they leave such a mode. If they
do expect it to be there, then they really wanted multiple profiles.
I know it's bad to make presumptions, but I just can't see any web developer
depending on the localStorage or database API as anything more than a cache.
When a user is on a web application, they expect to be able to go to
another computer and access that information.
Also note that, if you assume these APIs are anything other than fairly
permanent caches, then your browser had better have a good story for when
the user upgrades/downgrades their browser or even switches computers. This
feels like we're going back to the POP3 era of email. :-)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg