Update: the WebKit blog post has been updated with a clarification:
Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted.
That’s definitely a relief, and good thing they cleared this up.
Original continues below:
On the face of it, WebKit’s announcement yesterday titled Full Third-Party Cookie Blocking and More sounds like something I would wholeheartedly welcome. Unfortunately, I can’t because the “and more” bit effectively kills off Offline Web Apps and, with it, the chance to have privacy-respecting apps like the prototype I was exploring earlier in the year based on DAT.
Block all third-party cookies, yes, by all means. But deleting all local storage (including Indexed DB, etc.) after 7 days effectively blocks any future decentralised apps using the browser (client side) as a trusted replication node in a peer-to-peer network. And that’s a huge blow to the future of privacy.
I’m sure that’s entirely a coincidence for a company that wants to force everyone to use their App Store, the open web be damned.
I’m a little confused. I read the Webkit blog post fully, and what it actually says is that website storage will be deleted after seven days of no interaction with that site in Safari. I can see where this could be annoying, but killing web app privacy? It seems to me that this would actually enhance it, deleting data that the user may forget to delete sooner than it otherwise would be, and preventing websites from using offline storage for extended tracking (which, by the way, is indeed a serious problem). It’s also clearly stated that this does not apply to web apps added to the home screen. Can someone clue me in on what piece I’m missing which makes this change such a problem, and a privacy killer?
As I always point out: privacy features are good only if those who don’t want them can opt out.
As long as Apple keeps the ability to accept 3rd party cookies and tokens as on option I’m all for giving privacy seekers the tools they want.
And in this case as long as Apple allows us to turn off automated deletion than I find it an acceptable solution that allows privacy fanatics to be happy and still allow us who wish to have properly targeted advertising tailored to us, a way to appreciate the grand technology that does so.