Now that is a frightening observation. Is this creating a more persistent (pernicious?) tracking mechanism?
In that case, credentials stored by a site should last no longer than cookies. Credentials created by a user maybe can live longer. On 12 Mar 2016 04:41, "Anne van Kesteren" <ann...@annevk.nl> wrote: > On Fri, Mar 11, 2016 at 6:08 PM, <richard.bar...@gmail.com> wrote: > > That does raise the question, however, of how such a credential differs > from, say: > > > > * A cookie > > * A random nonce in localStorage/IDB > > * A non-extractable WebCrypto key > > The idea is that these are all less persistent. When you clear > storage/cookies, you don't delete password manager entries. (Which is > also why store() requires UI, if I remember correctly.) > > > -- > https://annevankesteren.nl/ > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
