Issue metadata
Sign in to add a comment
|
No known way to in detail control what sites can and cannot store
Reported by
labobol...@gmail.com,
Jul 2 2016
|
||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 Steps to reproduce the problem: 1. Go to a site that use localStorage, sessionStorage, cookies, websql, IndexedSQL to track user's usage of the site and including trackable identifiers for your specific browser (and computer in some cases). I'm sure you know of some site or can write up a simple test page yourself. 2. Now try and control what can be saved. 3. What is the expected behavior? The user should be able to have full control of the browser and what happens if the user wants to. If I want to be allowed only allow/deny a site to store 'somename' in cookies, localStore, etc. What went wrong? No such api exists. The crappy chrome API is proved again to be very crappy. Userscripts are limited and performance intensive (pulling). Chrome extensions are unreliable because they resort to hacks. Manually using DevTools->Resources isn't applicable nor userfriendly way of control. Some sites even resaves every 50 milliseconds, to prevent editing I assume. Chrome settings are simplistic (on/off with exceptions for sites, no detailed control supported as usual). Did this work before? No Chrome version: 51.0.2704.103 Channel: n/a OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 22.0 r0 There was no Privacy option or custom tagging so I chose the closest which is Security. Firefox allows this level of control either via settings or an add-on. Chrome doesn't want users to have control, privacy and security. That's not of interest to Google. Chrome is Googles version of Microsoft's Windows 10.
,
Jul 4 2016
I wouldn't call it simple UX. A simple UX is one that explains itself and is easy to use. A basic UX is restrictive and limits what you can do. Chrome have a basic UX. Firefox have a slightly simple UX (they are in progress of making a chrome clone, ugh) but at the moment it allows advanced users the freedom to do complicated things, for now at least. Everyone's happy. It's all about common sense smart design. The Content Settings UX doesn't provide any settings of controlling the storage containers mentioned above. Even the cookie settings are very basic and simply unusable. The Clear Browser data, clears everything. I can't pick and choose nor is it an acceptable way because it's manual. > We do this so that we can suit the needs of a wide audience while not wasting our engineering effort; It's debatable that you're not already wasting engineering effort. You're also getting help from free volunteers. Free resources. > telemetry shows that very few people ever open Settings at all, let alone use the advanced features you propose. I don't know specifically how you collect telemetry but I should remind you that 'statistics lie'. See "Lies, damned lies, and statistics" https://en.wikipedia.org/wiki/Lies,_damned_lies,_and_statistics I could suggest some books too. Seems like you're doing the same mistake Microsoft is. Using flawed telemetry as an excuse for everything. > If you don't trust a site, you can either not browse to it or you can browse it in Incognito Mode, in which whatever data it stores will be destroyed when you close the last Incognito tab. Come now. Logical fallacy nearly straight from the book. Let's replace site with human. Sometimes you must interact with humans you don't trust. Let's replace site with car. Do you avoid all cars you don't trust. Oh right, you can't. As a human you must acquire the knowledge to protect yourself just as the browser must acquire the security and privacy settings to protect itself (and the user). eg from leaking data, fingerprinting, etc. The way Incognito Mode is designed in Chrome is insecure. It leaks information (security, privacy, tracking. If it was a rain coat I would buy a new one. Many issues have been reported already some months and years old yet you ignore them. > If you do have a specific feature request This was a specific feature request but I could split up this bug but as a developer I would consider that spamming since their all the same thing. Current UX (and extension API) limits the ability for the user to protect itself making Google responsible when something happens because Google tied the users hands, unable to do anything. > politely-written Was something impolitely-written? > bug with the Extensions or UX labels Afaik, the backend doesn't support these new suggested improved UX settings. Should I still place them there anyway? > specifying exactly what you need to achieve your goals. What was unclear? Why didn't you ask? It's really vexing when people complain that something was unclear but doesn't ask questions before that. Such a waste of time. It's just unnecessary and inefficient. > You can use the Defect Report From User template, or the Privacy Issue template (see screenshot). How did you get to that in the screenshot? I can't find it. Searched under the 'new issue' button. If I had seen it I would have used it. I'm all ears... eyes, waiting for your reply.
,
Oct 10 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by palmer@chromium.org
, Jul 3 2016Status: WontFix (was: Unconfirmed)
71.1 KB
71.1 KB View Download
124 KB
124 KB View Download