[Webkit-unassigned] [Bug 157010] New: QuotaExceededError when saving to localStorage in private mode - leaks users browsing preference

Mon Apr 25 17:51:53 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=157010

            Bug ID: 157010
           Summary: QuotaExceededError when saving to localStorage in
                    private mode - leaks users browsing preference
    Classification: Unclassified
           Product: WebKit
           Version: Safari 9
          Hardware: All
                OS: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dvoytenko at google.com

`localStorage.setItem` fails in private mode with `QuotaExceededError`. It looks the original bug item for this was https://bugs.webkit.org/show_bug.cgi?id=49329

This is now a clear and "recommended" way for site owners to detect user's private browsing preferences and could be considered a significant privacy issue. See for instance:

http://apple.stackexchange.com/questions/131587/how-can-a-web-site-determine-if-safari-private-browsing-is-turned-on
http://stackoverflow.com/questions/9659103/how-to-detect-users-on-an-iphone-with-private-browsing-enabled

It looks like Safari is the last remaining major browser that still allows leaking of private mode via this approach. The original bug item cited above does not discuss privacy implications. Is it possible to address?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160426/6db9e6b2/attachment.html>