[whatwg] Web Storage: apparent contradiction in spec

Tab Atkins Jr. jackalmage at gmail.com
Mon Aug 31 16:14:35 PDT 2009


On Mon, Aug 31, 2009 at 6:08 PM, Aryeh Gregor<Simetrical+w3c at gmail.com> wrote:
> On Mon, Aug 31, 2009 at 2:36 PM, Tab Atkins Jr.<jackalmage at gmail.com> wrote:
>> Outlawing persistent storage in HTML5 as a privacy mechanism does
>> *nothing* for privacy.  There are numerous methods, Flash LocalStorage
>> in particular, that can and will be used to achieve what we developers
>> want.  These methods will be *harder* for the end-user to monitor and
>> control, and result in privacy violations being *easier*.
>>
>> What you see as a reasonable step to protect privacy, we see as an
>> admonition that we'd better get used to Flash, because it's here to
>> stay.
>
> I don't think that the ones using Flash LocalStorage to track users
> will ever switch to a standards-based solution.  Anything implemented
> by the browser vendors will allow users to easily clear it, which
> defeats their goal.  What HTML 5 needs to do is supplant Flash's
> *site-critical* functions.  If Flash is relegated to only things like
> tracking methods, it would be feasible for it to just not be
> installed, and users wouldn't care.  Do site-critical Flash apps
> (i.e., ones where the user would say the site is broken if they didn't
> work) often rely heavily on localStorage persistence?

Sure, the ones using it for tracking that care *that much* will use
other solutions anyway.  But people who just want some persistent
storage as part of their app, because it's useful to their users, will
use the browser-native solution if it works.  If LocalStorage is
explicitly supposed to be as ephemeral of cookies, though, that will
push people towards stuff like Flash LocalStorage instead.

I think a lot of people weren't that aware of Flash LocalStorage, but
more will be now that we're talking about it.

~TJ



More information about the whatwg mailing list