Web storage - conclusion

 

When I first started looking at web storage, I had no idea that I was going to open such a can of worms - it has all been kept very quiet, despite the fact that websites now have the ability to store tens of Mb's of data on computers.

I also didn't realise that I would find not one, but several different forms of web storage.

In these web pages I have really only looked at the type of web storage known as local storage - but in the process I have come across references to various forms of web storage -

This is all in addition to other forms of storage on computers which websites can use - including

On top of that, the browsers themselves store data in various places, such as

 

-------------------------------

 

As well as all that, there is another type of data that can be stored, called "ChannelID".

ChannelID seems to be a type of user + client identifier, and is used to uniquely identify the user on a particular computer, and is available across all websites that are visited.

I think the idea is that it adds some security to TLS sessions, but it seems to be a wonderful bonus for tracking software.

Now so far I have only ever seen it on Chrome, and only used by Google, so I don't know whether other browsers are not working with it, or whether they are, but they don't show it along with the other types of stored data.

 

-------------------------------

 

So it is becoming a major challenge to keep an eye on the data that websites and browsers themselves are storing on your computer.

In addition, I have only looked at desktop style computers - there is a whole world out there of storage on tablets and smartphones.

 

Security issues

When web storage was conceived as part of HTML 5, it was regarded as a good idea that each domain should only be allowed to see its own stored data. However, it is now clear that it is trivial for any software that can read the storage files and understand the file format to see all the data that has been stored by all domains.

It is also quite clear that web storage is being used quite extensively for user tracking, as well as for the more innocent and useful purposes for which it was intended.

 

What to do now?

It is difficult to know how to deal with all this - the good guys are developing all kinds of web technologies that may well be useful - such as web apps that work offline - so deleting all web storage data is going to kill these.

But the bad guys are storing all kinds of data on your computer which is going to be used against you in some way - so the more data you can delete the better.

I don't think the browser developers are helping by hiding web storage - it would be so much more preferable if users could make more informed choices about what data to allow, and what data to block or delete.

As a starting point, maybe people have to be a lot more proactive in deciding which browser to use.

Then they should be looking at what plug-ins are available which will help them to make these choices - some plug-ins are useful, some are rubbish.

Using white lists and black lists might be a helpful strategy as well.

Another possibility for the more technically minded would be to write your own scripts which automatically delete some or all of the data when the browser is closed, or scripts that can be run from an icon on the desktop, for example.
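One way to combine the white list idea with a clean-up script, as an added example that is not from the original page. It assumes the table layout of Firefox's legacy webappsstore.sqlite (table webappsstore2, with the host stored reversed in originKey); other browsers and newer Firefox versions store this differently, and the sample rows are constructed.

```python
import sqlite3

# Assumption: table layout of Firefox's legacy webappsstore.sqlite.
SCHEMA = ("CREATE TABLE webappsstore2 (originAttributes TEXT, "
          "originKey TEXT, scope TEXT, key TEXT, value TEXT)")

def origin_host(origin_key):
    """'moc.elpmaxe.liam.:https:443' -> 'mail.example.com'"""
    return origin_key.split(":", 1)[0][::-1].lstrip(".")

def is_allowed(host, allow_list):
    # Match the listed domain or its subdomains, on a label boundary only.
    return any(host == d or host.endswith("." + d) for d in allow_list)

def prune_local_storage(conn, allow_list, dry_run=False):
    """Delete rows for hosts not on the white list; return {host: rows}."""
    removed = {}
    keys = conn.execute(
        "SELECT originKey, COUNT(*) FROM webappsstore2 GROUP BY originKey"
    ).fetchall()
    for origin_key, count in keys:
        host = origin_host(origin_key)
        if is_allowed(host, allow_list):
            continue
        removed[host] = removed.get(host, 0) + count
        if not dry_run:
            conn.execute("DELETE FROM webappsstore2 WHERE originKey = ?",
                         (origin_key,))
    if not dry_run:
        conn.commit()
    return removed

def build_sample_db():
    """Constructed sample data, not taken from a real profile."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO webappsstore2 VALUES (?, ?, ?, ?, ?)", [
        ("", "moc.elpmaxe.liam.:https:443", "", "draft", "hello"),
        ("", "moc.elpmaxe.liam.:https:443", "", "theme", "dark"),
        ("", "ten.elpmaxe.sda.:https:443", "", "uid", "a1b2c3"),
        ("", "ten.elpmaxe.ndc.:http:80", "", "seen", "17"),
    ])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    print(prune_local_storage(db, {"example.com"}, dry_run=True))
    print(prune_local_storage(db, {"example.com"}))
```

Against a real profile, run it only after the browser has closed, open your own file path with sqlite3.connect(), and start with dry_run=True to see what would be removed.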

It might be worth thinking about un-installing Silverlight from your computer, as like Flash, it provides a form of storage.

Silverlight is a Microsoft development that is a sort of rival to Flash; it is compatible with Windows and Mac OS, but not Linux. It has had some high profile uses, but I'm not sure how many websites use it - it certainly isn't as ubiquitous as Flash.

Silverlight will probably go the same way as Flash, as HTML 5 takes over for streaming.

Finally, either manually or through a plug-in, control which websites can use JavaScript - without JavaScript most web storage can't work.

 

 

 

 

 

website design by ron-t

 


© 2024   Ron Turner

 
