Imagine browsers offering synced window.localStorage, with an in-browser UI for whether you’re logged in to a site. It would be like iCloud for the web - syncing data via your browser sync password, obviating the need to create a new account for every application that wants to store data, as you’re already logged in to iCloud.

Conceptually, the user could whitelist sites to allow this; the browser would integrate the whitelist into the log-in UI. This would let the browser keep you logged in forever, fixing the terrible short cookie expiry timelines that browsers enforce now to limit tracking. The in-browser UI would be unspoofable (like eg the Firefox extension installation UI), and it would be impossible to phish the credentials (sort of – attackers could phish the credentials for the sync service, but not individual websites that use it).

Allowing data to live forever, sync across devices, and be tied to the browser sync profile would mean that apps could rely on static hosting for JavaScript/WebAssembly, and localStorage for user data. Today, lots of apps basically use a server just for hosting user data since browser storage is so unreliable – those apps could be ported to the web (many automatically with webasm) and live ~forever without requiring hosting costs and security updates. Basically any app designed to run on a desktop operating system and save data to the hard drive could be ported – MS Paint, Text, a full Linux virtual machine with a persistent filesystem via v86.

Details to work out: Do you allow sharing data between websites? iCloud doesn’t, which is annoying, but the implementation is simpler. The best implementations would be end-to-end encrypted. Ideally, you’d be able to mix and match storage providers between different browsers, like using Firefox on Windows to sync with Safari on an iPad.

A browser extension could do this, but then sites would have to support it specifically. Might be useful as a proof of concept though. I wonder if there are enough primitives in Safari extensions to implement it today?

Micah R Ledbetter @micahrl