Remove Use of "DOM Storage" for Video Player (When using IE; or otherwise)



  • …it appears that the video player (using Flash or otherwise) uses "DOM Storage", which is basically like a supercookie few people even know existed, that stored in the Windows Registry for every site you ever went to as long as you had the computer.

    Assuming your OS uses it, you can find the store as:
    HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage

    I noticed when I disabled usage (can be done under advanced options in IE), the video player no longer loads. When I reenable it, it works fine again.

    Although this may be because of how the DRM technology works; if able, it would be nice to have a future player not require such usage. It is not a requirement, as for instance YouTube videos that also use Flash or HTML5 (same as Funimation Player; Hulu based) load without problem.

    As this site goes to a new player, this may no longer be an issue in the future; alas it is hard to tell depending on why it exists. In either case, I like to keep it disabled otherwise for self-evident privacy reason when using the Internet, as I don't like giving a backdoor to my computer to anyone smart enough, thank you very much…



  • I agree with the fact that they should remove it if it is not absolutely recessary in order to remove a potential security issue. But as the DOM storage seems to be a W3C standard, disabling it on your browser will probably cause problems on many other websites too.



  • @the_krock:

    But as the DOM storage seems to be a W3C standard, disabling it on your browser will probably cause problems on many other websites too.

    True, depends on the site. However, for things I do it appears to be fine. It is always possible to toggle it (which I do at moment), alas I am generally against "unnecessary" features, if it can be helped.

    I was thinking, this could be part of the DRM that stops proxy usage, as requiring something to be stored on the end user would make proxy servers less effective; alas simply a theory, it is so…



  • Since we're moving to the new site this summer and we're really not doing any development on the current player in order to focus resources on the new site, I doubt anything can be changed.

    DOM Storage is used possibly for DRM. The security token is saved in there as well as your session ID. It also saves some data on your computer to help with performance. None of that information is provided to third parties, though, and is only used to help the site function and to sell you anime. You can opt out of the third party tracking tools that we use by using the links on our Privacy Policy. Even though we don't use third-party ads, the first party ads served on the site are from Google AdWords.

    I did get Hulu to work with DOM Storage disabled. I was able to log in and watch a random episode of the Simpsons. The only things that didn't work were resume and the picture preview while scrubbing during playback. Those make sense because in order to serve that much data quickly and not bring down performance, the player would need to rely on the user's computer a bit.

    Then I tried on Netflix. Netflix let me log in and choose my profile, but nothing else loaded. It was just a dark gray screen of nothing. This makes total sense because Netflix is nothing but recommended videos.

    I then tested on the FunimationNow UK site, which will be functionally very similar to the new US site, and with DOM Storage enabled, I wasn't able to log in. The loading circle just spun forever. I then tried the video player as an anonymous user and just got a black screen. Then I enabled DOM Storage again, and everything worked.

    I can ask if there is a way to make the new site work without it, but even if it's approved, it won't be available at launch. In the meantime, I can ask for exactly what it is being used for, so that you can understand more about what is being tracked and how we and the service use that data. I can also ask if there is a way to opt out of certain features.

    Your best option for now would be a way to delete your DOM Storage upon browser exit, preferably automatically. That way, the site only has access to the storage while you are on it. I found this thread that might be helpful: http://forum.piriform.com/?showtopic=42218 Deleting DOM Storage every time will probably affect what is recommended to you on the new site. For example, you might only see things based on your saved Watch History on the server side and not also based on your browsing habits on the site.



  • @Sophie:

    I can ask if there is a way to make the new site work without it, but even if it's approved, it won't be available at launch. In the meantime, I can ask for exactly what it is being used for, so that you can understand more about what is being tracked and how we and the service use that data. I can also ask if there is a way to opt out of certain features.

    Your best option for now would be a way to delete your DOM Storage upon browser exit, preferably automatically. That way, the site only has access to the storage while you are on it. I found this thread that might be helpful: http://forum.piriform.com/?showtopic=42218 Deleting DOM Storage every time will probably affect what is recommended to you on the new site. For example, you might only see things based on your saved Watch History on the server side and not also based on your browsing habits on the site.

    Yes, thank you for your very detailed post. I can see you did your homework :)

    Indeed, as far as my relationship with Funimation is concerned, it is more of an annoyance then functional critically. With IE at least, it is not possible to whitelist sites (at least not using the UI) to allow DOM, while banning others. So if I really care that much, I have to manually do it.

    I understand this of course is a VERY low priory thing; many more problems with FUNI apps at moment, and I am not expecting any changes per se. Simply a clarification of the matter is fine, and you did provide some info. Alas, I am more concerned with what Obama/NSA/China is gonna do with comprised info then Funimation is, in either case :)



  • @thegrandalliance:

    With IE at least, it is not possible to whitelist sites (at least not using the UI) to allow DOM, while banning others.

    I wasn't able to find anything for that matter in Firefox and Chrome neither, it's either completely on or off.
    Though there seems to be add-ons that remove all the web/dom storage's content on browser exit, but that don't change the fact that it is still writing local data at some point.



  • @the_krock:

    I wasn't able to find anything for that matter in Firefox and Chrome neither,

    The real "joke" is that all of these browsers claim to "protect privacy" and claim that "they delete browser history", when in reality the opposite is true. Alas, it is all just a backdoor for the NSA; as we all know of course :)



  • @thegrandalliance:

    The real "joke" is that all of these browsers claim to "protect privacy" and claim that "they delete browser history", when in reality the opposite is true. Alas, it is all just a backdoor for the NSA; as we all know of course

    I don't think privacy exists on the internet anymore (not sure if it ever did either).
    Honestly I think that this dom storage probably has a use for legit things too (never had any use for it personally though), but if it can be used as a backdoor, it surely will.


Log in to reply