* Alexander Hosfeld ([EMAIL PROTECTED]) wrote:
> Package: iceweasel
> Version: 2.0+dfsg-1
>
> Hi,
>
> please set dom.storage.enabled to false.
>
> On 14 Dec the Web Hypertext Application Technology Working Group[1]
> submitted the Web Applications 1.0 Standard Working Draft[2]. This
> standard enables a cookie-like system for storing and retrieving
> private data through JavaScript ("client-side session and persistent
> storage"). Since firefox2 this function is implemented and enabled at
> default[4].
>
> Since
> - this is providing a huge (!) privacy hole[3]
> - this is just an inofficial working draft
> - there is no way to change this behaviour in the iceweasel GUI
> - There is no way to en- or disable this setting for particular
> websites
> please set the default in iceweasel to false or remove this function
> from iceweasel.Are these actually anymore dangerous than cookies? And it seems that iceweasel uses the cookie controls to control these as well. I'd definitely like some more opinions before we decide to change this versus firefox. > [1] http://www.whatwg.org > [2] http://www.whatwg.org/specs/web-apps/current-work/ > [3] http://www.whatwg.org/specs/web-apps/current-work/#security0 > [4] http://kb.mozillazine.org/Dom.storage.enabled > -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED] 1024D/16D970C6 097C 4861 9934 27A0 8E1C 2B0A 61E9 8ECF 16D9 70C6
signature.asc
Description: Digital signature
