Re: [Bug-gnuzilla] dom.storage is disabled by default in Icecat

[Loic J. Duros]

Hi Francois:

Thanks for making the effort to get Persona to work with LibreJS and
IceCat. Regarding local storage, I disabled it a few versions ago
because of privacy issues with it. Ideally though, we should be able to
give control to the user whether she wants particular data to be stored
or not and make it easy to delete part or all of the data at any
time. Do you know of an extension that would prompt the user to ask
whether to save something in the local storage or not?

If there is currently no such extension, is this something you'd like to
work on, or maybe someone else on the list would like to work on?

Thanks,

Loic

Francois Marier <address@hidden> writes:

> I was trying to make Persona (the privacy-respecting decentralised
> login system -- https://login.persona.org) work with Icecat and ran
> into two issues:
>
> 1. its JavaScript is disabled by LibreJS
> 2. dom.storage (i.e. localStorage and sessionStorage) is disabled by default
>
> For #1, I have started patching Persona to make the licensing info
> conform to what LibreJS expects. This should resolve that problem.
>
> However, #2 is a blocker. May I ask why that feature is disabled? I
> mean, that's like disabling cookies entirely. It breaks the web in a
> big way. In the case of Persona, localStorage is used to store private
> keys so that we can do the crypto client-side and not have to trust
> the server with these keys. It is a necessary component of our privacy
> guarantees.
>
> I can understand that localStorage, like cookies, is a way to store
> tracking data in the browser, which is undesirable. However, clearing
> cookies also clears localStorage, so privacy-conscious users who set
> their browser to automatically clear cookies when the browser shuts
> down will be fine. There's essentially no difference between allowing
> cookies and allowing local storage from a privacy point of view.
>
> Francois
>
> --
> http://gnuzilla.gnu.org