Jul 15, 2009

Chrome and Privacy Mode

A while back I was playing around with Google Gears and Incognito mode. The test was simple: I store some data in Gears while in Incognito and try to read it while in Normal mode.

The goal
The goal of this test is quite simple: prove that privacy related data (yes, with Gears gaining momentum a lot of apps like Google Docs, Google Reader, Google Calendar, MySpace, etc. are beginning to utilize Gears' SQLite engine to cache information) that was obtained in Incognito mode will persist in Normal mode and vice-versa.

The code
Load the following code in Incognito mode:
var db = google.gears.factory.create('beta.database');
db.open('privacy-test');

db.execute('drop table if exists secret');
db.execute('create table secret (message text)');
db.execute('insert into secret values (?)', "secret message");

Load the following code in Normal mode:
var db = google.gears.factory.create('beta.database');
db.open('privacy-test');

db.execute('create table if not exists secret (message text)');
var rs = db.execute('select message from secret');
if(rs.isValidRow()) {
alert(unescape(rs.field(0)));
}

The result
Data indeed persisted. I've posted the code for Incognito mode here and for Normal mode here.

Conclusion
Browsers' attempt to provide additional privacy to users is noble; however, this is valid only for data that the browser controls directly (e.g. cookies, browser cache). As Web applications are becoming richer in features, third party technologies like Google Gears, Flash, and Silverlight will soon need to start playing the privacy game as well if browsers are to fully allow privacy modes to users.

No comments: