Delivery-Date: Fri, 20 Jun 2014 13:27:48 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6BFE71E0BE4
	for <archiver@seul.org>; Fri, 20 Jun 2014 13:27:46 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8CB572FAF7;
	Fri, 20 Jun 2014 17:27:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 83F0530211
 for <tor-talk@lists.torproject.org>; Fri, 20 Jun 2014 17:17:15 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id htMkWtZWyWcn for <tor-talk@lists.torproject.org>;
 Fri, 20 Jun 2014 17:17:15 +0000 (UTC)
Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com
 [IPv6:2a00:1450:400c:c00::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 1DB8E3020C
 for <tor-talk@lists.torproject.org>; Fri, 20 Jun 2014 17:17:15 +0000 (UTC)
Received: by mail-wg0-f52.google.com with SMTP id b13so4012845wgh.35
 for <tor-talk@lists.torproject.org>; Fri, 20 Jun 2014 10:17:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=message-id:date:from:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type;
 bh=2eG2gpui6FUQAuPHDFxlcZloxBJp/mFKN7IDo5Y6WaI=;
 b=tiKWS1GRbK4W3UXgewFQcqY9fq0Ki0SjWDHHl2TxOA5/MPAuM3cxbrZ3xauoU0G7fm
 aHwXQIzUIMszzpjAANh6acplnYJZr58hdKZdOjU9WL+7cGFlfmCyTAXFMyOBk2TvbvNk
 mKAyjgVZbgxN5SJ3JGeH+Y69q6fwYnFIO6AHcUECEc8d4J+4FILUdsDPJ4EkJfETrcTz
 ujDi4pK/dzS1yCsjZtKA84M/RnK02TpX5WhIEea+S8kikzhbp2C0LlCBFqpSNKWqXhS2
 9WDW9AODO+Qj29YOesZv3I7UFKl+bRCH5Ew4pudlxMpYS+chnJOKwhrVcmKB9RB2NsAr
 M5pA==
X-Received: by 10.194.82.106 with SMTP id h10mr5223411wjy.115.1403284629610;
 Fri, 20 Jun 2014 10:17:09 -0700 (PDT)
Received: from [192.168.1.11] (ANice-652-1-132-44.w83-201.abo.wanadoo.fr.
 [83.201.83.44])
 by mx.google.com with ESMTPSA id o12sm6411723wiw.5.2014.06.20.10.17.08
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Fri, 20 Jun 2014 10:17:08 -0700 (PDT)
Message-ID: <53A46C99.2060006@gmail.com>
Date: Fri, 20 Jun 2014 19:17:13 +0200
From: Aymeric Vitte <vitteaymeric@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <53A30C94.1080506@gmx.com> <53A33139.7050405@torproject.org>
 <53A3634D.4010101@gmail.com> <53A3F457.6020309@torproject.org>
 <53A3FD72.1080103@gmail.com> <53A449ED.5030204@torproject.org>
In-Reply-To: <53A449ED.5030204@torproject.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Should DOM storage really be enabled by default in
 TorBrowser?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


So to summarize, localStorage is following strictly the cookie policy, =

the Tor Browser does not save it to the disk and has implemented a patch =

for this and to fix the FF bug for third party localStorage.

But localStorage is not only about cookie-like uses.

I understand that the philosophy is not to break the sites as far as =

possible, now I don't see what is so valuable in DOM storage to desserve =

these efforts (given that for cookie-like uses it's useless since it =

only works when cookies are activated, for other uses localStorage is =

dangerous and anyway indexedDB should be preferred now, and indexedDB is =

not active in Tor Browser) and to take the risk to let it active, you =

are still at the mercy of a FF bug, so personnaly I would deactivate it =

by default and offer an option in the Page Info/permissions (which does =

not exist in FF), or a global option (always ask, etc), most of the =

users absolutely don't know that things are stored, even if it's on a =

temporary basis for the Tor browser.


Le 20/06/2014 16:49, Georg Koppen a =E9crit :
> Aymeric Vitte:
>> So the logic is: we accept non third party cookies, therefore we accept
>> localStorage and we suppose localStorage is disabled for third parties.
> [snip]
>
>> And what's the point of allowing localStorage if you allow non third
>> party cookies?
> That is covered in
>
> https://www.torproject.org/projects/torbrowser/design/#philosophy
>
> See the whole design document for getting our idea(s). Why we are not
> allowing 3rd party cookies yet is explained in 4.5.1. DOM Storage is the
> subject of section 4.5.4.
>
> The commit I've been talking about is
> https://gitweb.torproject.org/tor-browser.git/commit/5392d2ed679eaaa078f5=
c667573ef0698ec65345
>
> Georg
>
>
>
>

-- =

Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

