[whatwg] Web Storage: apparent contradiction in spec

Aryeh Gregor Simetrical+w3c at gmail.com
Mon Aug 31 16:08:32 PDT 2009


On Mon, Aug 31, 2009 at 2:01 PM, Jens Alfke<snej at google.com> wrote:
> The fact that local storage can be used as a type of super-cookie doesn't
> mean the two are the same thing. Yes, obviously if I give a website
> permission to put 50MB of stuff on my disk, it can use 1k of that as a type
> of cookie if it wants. That's just one of many reasons why user agents
> should require user approval for letting a domain access local storage.

I was under the impression that the idea was that this wouldn't be
necessary.  Sites should be free to use localStorage as they use
cookies, transparently without annoying the user with spammed pop-ups.
 Does any browser currently require user approval for localStorage by
default, or plan to?

> That does not mean that the "Delete Cookies" menu command should also delete
> local storage. Users often delete cookies to resolve login issues (I've had
> to do this with Google websites several times). Conflating the two can lead
> to disasters like "I told you to delete my COOKIES! Not my EMAIL DRAFTS that
> I was trying to log in to send!"

I entirely agree with this, as a user.  Browsers should expose the
option to clear cookies and localStorage separately.  Currently
Chrome's "Clear Browsing Data" has a separate checkboxes for browsing
history, download history, cache, cookies, saved passwords, and saved
form data.  I'd expect it to add another checkbox for localStorage,
not change "cookies" to "cookies and localStorage".

Although in any event, I'm not sure what good UI would be to say "This
might destroy valuable data, but probably not most of it, and whether
it destroys the particular bit of data you're thinking of really
depends on if the app happens to store it locally or on its servers,
and if on its servers, whether it's pushed out this data yet or not."

On Mon, Aug 31, 2009 at 2:36 PM, Tab Atkins Jr.<jackalmage at gmail.com> wrote:
> Outlawing persistent storage in HTML5 as a privacy mechanism does
> *nothing* for privacy.  There are numerous methods, Flash LocalStorage
> in particular, that can and will be used to achieve what we developers
> want.  These methods will be *harder* for the end-user to monitor and
> control, and result in privacy violations being *easier*.
>
> What you see as a reasonable step to protect privacy, we see as an
> admonition that we'd better get used to Flash, because it's here to
> stay.

I don't think that the ones using Flash LocalStorage to track users
will ever switch to a standards-based solution.  Anything implemented
by the browser vendors will allow users to easily clear it, which
defeats their goal.  What HTML 5 needs to do is supplant Flash's
*site-critical* functions.  If Flash is relegated to only things like
tracking methods, it would be feasible for it to just not be
installed, and users wouldn't care.  Do site-critical Flash apps
(i.e., ones where the user would say the site is broken if they didn't
work) often rely heavily on localStorage persistence?


More information about the whatwg mailing list