Mozilla seems to have been able to implement modern privacy protections without specs. So it’s only Blink that doesn’t have them.
-
-
From a pure consistency perspective, it remains astonishing that this hangs off of `document` (not navigator), is called `requestStorageAccess()` and only gives you cookies (takes no arguments to specify), and still doesn't integrate into the Permissions API
-
What I got from the conversation in '17 (perhaps I wasn't listening closely enough?) was "here's what we implemented and are going to ship, no we can't make changes". This is de-facto hostile to the iterative process that makes for good design. People were (and are) sensibly agog
- 6 more replies
New conversation -
-
-
Alex, I don't think it's fair to sum up your behavior at that meeting as "objections."
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
FWIW, Firefox does hook the API up to broadcast channel, etc. See https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/StoragePrincipalHelper.h … for context and the general search https://searchfox.org/mozilla-central/search?q=storageprincipal&path= … for impl consumptions.
-
This seems a bit worrying: https://searchfox.org/mozilla-central/rev/b3b401254229f0a26f7ee625ef5f09c6c31e3949/toolkit/components/antitracking/StoragePrincipalHelper.h#102-103 … "This makes it possible for such globals to bi-directionally bridge information between partitioned and non-partitioned principals."
- 8 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.
You need to land all the privacy protections in Blink first – Partitioned DOM Storage, partitioned ServiceWorkers, partitioned cache, the Storage Access API, capped expiry of client-side cookies, and URL decoration mitigations. 