alohaas
commented
8 years ago @ryancastro thanks for opening this thoroughly described issue. @nilnilnil any input here?
Open ryancastro opened 8 years ago
alohaas
commented
8 years ago @ryancastro thanks for opening this thoroughly described issue. @nilnilnil any input here?
edgesince84
commented
7 years ago hey @ryancastro thanks again for bringing this up. It looks like this one has been addressed and resolved already, so I'll be closing this one up.
While I'm at it, I'd like to invite you to our new forum to preview how we're improving programming-related searches. There are a lot of important tasks up for grabs that we'd like your help with, so feel free to and jump in.
ryancastro
commented
7 years ago Hey @edgesince84 , sorry I don't mean to be trouble but what commit resolved this issue? I didn't see any code changes that would fix this.
The commit referenced above fixed the android implementation of the bug, as it was present on both platforms. Was this closure a mistake, or have I missed committed code that resolved this for iOS?
tagawa
commented
7 years ago Thanks for checking @ryancastro. It does indeed look like this has been fixed for Android but not iOS yet. @sreilly Please feel free to re-close if I've missed something.
SudoPlz
commented
7 years ago https://github.com/duckduckgo/ios/pull/168 should hopefully close the issue.
On the IOS App if you force stop the DuckDuckGo Application and reopen it, HTML5 local storage is still stored. This allows websites to store session information in local storage, and have you trackable even after you've force-stopped the app.
Demo Steps:
Result: Local storage value is still stored. Many websites use local storage for user tracking, and this presents a risk to users privacy.
Bonus fun - I also attempted to clear safari's history/cache/everything in settings, and the local storage data in DuckDuckGo persists.
Once a website has set localstorage data, it appears it will be there foreever, until duckduckgo is removed from the device.