[whatwg] Web Storage: apparent contradiction in spec

Tab Atkins Jr. jackalmage at gmail.com
Thu Sep 3 06:49:04 PDT 2009


On Thu, Sep 3, 2009 at 7:56 AM, Ian Hickson<ian at hixie.ch> wrote:
> On Mon, 31 Aug 2009, Jens Alfke wrote:
>> On Aug 31, 2009, at 3:11 AM, Ian Hickson wrote:
>> >
>> > We can't treat cookies and persistent storage differently, because
>> > otherwise we'll expose users to cookie resurrection attacks.
>> > Maintaining the user's expectations of privacy is critical.
>>
>> The fact that local storage can be used as a type of super-cookie
>> doesn't mean the two are the same thing.
>
> The fact that local storage can be used for cookie resurrection means we
> have to make sure that clearing one clears the other. Anything else would
> be a huge privacy issue (just as Flash has been).

And as Flash will continue to be, forever, in a manner that is
generally opaque from the user, especially as more people lean on it
for things like a halfway-dependable storage location.

>> That's going to come as a shock to developers who were planning to use
>> it for user-created data (whether drafts of content to be pushed to the
>> cloud, or strictly-local documents.) Without this, the safe usage of
>> local storage diminishes to a download cache.
>
> I don't see what else we can do.

You could just *not* specify that LocalStorage is worthless for
anything but a cache.  Is there *anything* that would allow a
permanent site-accessible storage solution in your mind, or is cookie
resurrection a deal-killer for all time?

If the latter, you're not doing anyone any favors, least of all users,
as they'll still have their privacy violated but by entities other
than their browser which may be more difficult to review and regulate.

~TJ



More information about the whatwg mailing list