[whatwg] Private browsing vs. Storage and Databases

Jonas Sicking jonas at sicking.cc
Thu Apr 9 09:43:05 PDT 2009

2009/4/9 Darin Fisher <darin at google.com>:
> On Tue, Apr 7, 2009 at 6:10 PM, Brady Eidson <beidson at apple.com> wrote:
>> On Apr 7, 2009, at 6:04 PM, Ian Fette (イアンフェッティ) wrote:
>> 2009/4/7 Jonas Sicking <jonas at sicking.cc>
>>> I do agree that there's still need for storing data while in private
>>> browsing mode. So I do think it makes a lot of sense for
>>> .sessionStorage to keep working.
>>> But I do have concerned about essentially telling a website that we'll
>>> store the requested data, only to drop it on the floor as soon as the
>>> user exits private browsing mode (or crashes).
>>> / Jonas
>> Doesn't the website have to handle that anyways? I mean, I assume that all
>> the browsers are going to allow users some way to "manage" this stuff, much
>> like cache/cookies - e.g. you have to assume that at some point in time the
>> user is going to blow you away. (Especially on mobile devices where space is
>> more of a premium...)
>> Caches are always assumed to be temporary and recoverable, and cookies
>> have severe size and lifetime limitations placed on them (ie - the User
>> Agent can never be excepted to keep cookies around for any predictable
>> lifetime, per the cookies spec).
>> LocalStorage and Databases are expected to be persistent unless a script
>> or the user explicitly removes them.  They're more like files, where
>> arbitrarily misplacing them is unacceptable.
>> ~Brady
> Just to clarify:  Chrome's "incognito mode" means--is defined as--starting
> from a clean slate (as if you started browsing for the first time on a new
> computer), and when you exit incognito mode, the accumulated data is
> discarded.  That's all there is to it.  The behavior of LocalStorage and
> Database in this mode is deduced easily from that definition.
> I think it is fine if other browsers define privacy modes differently.
> While it might be nice (for web app developers perhaps?) if we all agreed on
> the same definition here, I don't think it really matters.  Chrome's
> behavior is just simulating a possible user behavior (create new profile,
> browse, destroy profile on exit).  It is similar to Firefox's "clear all
> data on exit" option if combined with a fresh profile via the --profile
> command line switch.  The main difference is that we try to avoid writing
> data to disk while the incognito session is active so that if we crash, we
> don't end up with persisted data.

I agree that every browser should be allowed to treat privacy mode any
way it wants. Or have options such as "clear all data on exit". This
is areas where IMHO we want UAs to innovate in order to research a
better browsing experience.

I still think that telling the site that we'll store its data, and
then drop it, is likely going to lead to unintended and unexpected
behavior. However I'm happy to see Chrome and other UAs play around
with this.

/ Jonas

More information about the whatwg mailing list