Closed
Bug 449981
Opened 16 years ago
Closed 7 years ago
storage UI should look and act alot like cookie UI
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1421737
People
(Reporter: chofmann, Unassigned)
References
Details
(Keywords: privacy)
at a couple of blackhat/defcon presentations (like https://www.defcon.org/html/defcon-16/dc-16-speakers.html#Stamos ) the assertion was made that off-line storage in the browser is just like cookies on steroids, and all the same tracking and exploit mechanisms that have been used against cookies in the past should also be tried/researched against off-line storage. the suggestion was also made that users should be provided with all the same UI control mechanisms and options they have to control cookies including deletion of all and specific site off-line stores. this is a tracking bug to look at these issues and suggestions and figure out if there is any good work to be done here.
|
Reporter | |
Comment 1•16 years ago
|
||
adding some more to the cc list that can bring perspective from those that have developed some off-line apps and prototypes.
|
|
Reporter | |
Comment 2•16 years ago
|
||
sounds like dcamp is working in this area for fx3.1
|
|
Reporter | |
Comment 3•16 years ago
|
||
jonath/dcamp, and ideas on if cookie/off-line ui unification can be looked at or maybe even landed for 3.1?
|
|
Reporter | |
Comment 4•16 years ago
|
||
poking around on mac a bit this might translate into: 1) Moving "Off-line Storage" related stuff, currently on the "Advanced" Tab to the "Privacy" Tab. Right now "Advanced" is looking like sort of a grab bag of random stuff. "Privacy" also has related off-line stuff included under "Clear Private Data" [settings] ... anyone spot other ideas? That one change might go a long way towards the suggested unification. Other unification points like integration into clearing private data look like they have already been done.
|
|
Reporter | |
Comment 5•16 years ago
|
||
I guess we do use some differences in terminology and ordering for basically the same operations in both the cookie and storage ui.
Cookies
-------
[x] Accept Cookies from sites [exceptions]
[x] accept 3rd party cookies
[x] Keep until they expire|close|ask
[show cookies]
Off-line
--------
Use up to [xx] space [global clear now]
[x] Tell me when a website wants to store data for off-line use [exceptions]
[list of sites storing data] [remove (a single site?)]
|
||
Comment 7•15 years ago
|
||
There's also bug 506692 with some discussion, and I'm not sure whether to resolve either of these two as a duplicate, so adding dependency.
Depends on: 506692
|
||
Comment 8•13 years ago
|
||
Is offline storage only analogous to first party cookies? Or is there an equivalent with offline storage to third party cookies.
|
|
Reporter | |
Comment 9•13 years ago
|
||
yeah, that's probably one way to think about it... o/l storage is like first party cookies since the info stored must be from the same domain as the site you are visiting. https://developer.mozilla.org/en/dom/storage has more technical detail on how this works and the "Storage location and clearing the data" section of that page has some reference to how dom storage interacts with the operations on cookies. adding sicking to 'cc
(In reply to comment #8) > Is offline storage only analogous to first party cookies? Or is there an > equivalent with offline storage to third party cookies. LocalStorage can be analogous to third-party cookies since you can open a third-party iframe which uses localstorage and communicate with it. IndexedDB is diabled in cross-site iframes, so it only exists as first-party storage.
Also, weren't we working on a totally different approach for specifying site-specific info. Where instead of having a cookie manager, a offline manager etc, we'd have a single "about this website" UI. This was originally targetted for FF4 but didn't make it. Is this being picked up for a later release? Is there a tracking bug?
|
||
Comment 12•13 years ago
|
||
(In reply to comment #11) > This was originally targetted for FF4 but didn't make it. Is this being picked > up for a later release? Is there a tracking bug? Boriss would know!
|
||
Comment 13•13 years ago
|
||
(In reply to comment #11) > ... a single "about this website" UI. > > This was originally targetted for FF4 but didn't make it. Is this being picked > up for a later release? Is there a tracking bug? That's bug 573176 I think!
Depends on: 573176
|
|
||
Comment 14•13 years ago
|
||
>LocalStorage can be analogous to third-party cookies since you can open a
>third-party iframe which uses localstorage and communicate with it.
Do we currently have a means of disabling this? It seems like any users who are interested in disabling third party cookies would also want to turn of third party localstorage, since they are then functionally the same. We might want to collapse these two items into a single pref, since understanding the differences between the two surfaces too much of implementation model of the Web.We don't currently have the ability to disable third-party localStorage no. Please file a bug on that, I definitely think it's something we should have.
|
|
||
Comment 16•13 years ago
|
||
Sure thing, filed bug 650409
|
||
Comment 17•12 years ago
|
||
Maybe this should fit in the site-specific privacy preferences (see bug 573176) ?
|
||
Updated•11 years ago
|
OS: Mac OS X → All
|
||
Comment 18•7 years ago
|
||
We're going to merge cookies into the site data manager in bug 1421737 and try to make it replace any UI that would present cookies separately from site data, I think it's safe to dupe as I don't see this bug going anywhere (and I don't see the difference to bug 506692).
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•