I would like to propose the implementation of a privacy preserving mode functionality avoiding usage of the localStorage.
While working on GlobaLeaks and using the ng-idle/ng2-idle component i've analyzed the implementation an currently noticed that it always use the localStorage of the browser if available and this make the library not suitable for privacy preserving projects that prefer to not use the localStorage to minimize the forensic traces left on the browser of the user.
As a workaround to use ng-idle and ng2-idle in those kind of project i've currently identified that one can just simply delete the object window.localStorage while initializing the application. This will silently force ng-idle and ng2-idle to use just the AlternativeLocalStorage implementation that you have already implemented as a polyfill.
This can be achieved with a simple line: delete window.localStorage;
With this ticket i'm proposing to extend the configuration possibilities of both ng-idle and ng-idle2 to let the user choose if using the browser localStorage or prefer to always use the virtual implementation based on a temporary dictionary.
Thank you if you could evaluate this that is very important for projects like us (currently we are using ng-idle but soon we plan to be using ng2-idle)
Hello @moribvndvs,
I would like to propose the implementation of a privacy preserving mode functionality avoiding usage of the localStorage.
While working on GlobaLeaks and using the ng-idle/ng2-idle component i've analyzed the implementation an currently noticed that it always use the localStorage of the browser if available and this make the library not suitable for privacy preserving projects that prefer to not use the localStorage to minimize the forensic traces left on the browser of the user.
As a workaround to use ng-idle and ng2-idle in those kind of project i've currently identified that one can just simply delete the object window.localStorage while initializing the application. This will silently force ng-idle and ng2-idle to use just the AlternativeLocalStorage implementation that you have already implemented as a polyfill.
This can be achieved with a simple line:
delete window.localStorage;With this ticket i'm proposing to extend the configuration possibilities of both ng-idle and ng-idle2 to let the user choose if using the browser localStorage or prefer to always use the virtual implementation based on a temporary dictionary.
Thank you if you could evaluate this that is very important for projects like us (currently we are using ng-idle but soon we plan to be using ng2-idle)