HTML local storage hole - GDPR fails?
[ EDIT: I just noticed local storage cookies mentioned in the article. I missed that before posting. ]
Remember way back when, and we were all deleting our persistent cookies, then it was discovered that flash "super cookies" were being leveraged to restore the persistent data?
Well, now, we have official 'super-cookies' -- html5 local storage can be used not just as a super cache, but to store data that javascript can read and send back to the server.... aka super-cookies.
So....
1) How many browsers clear "local storage" when clearing cookies?
2) All these sites with their GDPR popups etc. - do these sites consider "local storage" the same way as cookies?
3) Have a look at your local_storage files... You'll be shocked.
( on android, these are sqlite3 files in /data/data/*/app_webview/Local\ Storage )
Whilst on the subject of android, for apps that use webview, check the other stuff in app_webview - you'll see all sorts of other stuff including copies of search terms and autofill entries, and these are COPIES - not cleared down by "clear private data" options in most browsers!
Biting the hand that feeds IT
