There was a [short thread on slack](https://mozilla.slack.com/archives/C4D3JFF26/p1769275577948749) based on [this reddit thread](https://old.reddit.com/r/firefox/comments/1qk1xh8/what_does_this_mean_is_duckduckgo_tracking_me/). I'm going to summarize it, because I think we should improve our messaging and information we are exposing. ### STR: Most likely caused by one of our storage access heuristics. There is a simple way of triggering the heuristic and achiving this permission: 1. on google do anything that will lead to duckduckgo 1. search for "duckduckgo" on google and select the search result [duckduckgo.com](http://duckduckgo.com) 2. click on a link to duckduckgo from an email in gmail 2. on duckduckgo do anything that will lead you back towards any `*.google.com` domain. Like 1. search for "google maps" and select [maps.google.com](http://maps.google.com) search result, or 2. enter any bang on ddg that ends up on google domain, e.g. `!gmaps Berlin` 3. `!g test` As long as we have a navigation pattern `A -> B -> A` with user interaction in `B` we will grant storage access permission for `A` to access cookies in `B`. But `B` needs to be embedded in `A` for the cookies to actually be used cross-site. ### Confusion * "What does this mean? Is DuckDuckGo tracking me when I use Google?" * Can duckduckgo access cookies from google? * Can google access cookies from duckduckgo? ### Improve clarity There is some confusion that we can clear up: * DDG is not allowed to access googles cookies. DDG is allowed to access its own unpartitioned cookies while embedded in google.com if the permission is granted as shown in the permissions panel. * Google is not allowed to access duckduckgo cookies. (However, if embedded via iframe duckduckgo could theoretically pass on unpartitioned cookies to google) * Where is the permission coming from: Is it granted via heuristic, or does it come from the storage access api? * Was the permission actually used (was there access to the unpartitioned cookie-jar somehow)? The message currently is somewhat confusing. It is a complex topic to convey. However we can probably do better at improving our messaging. Perhaps a [sumo](https://support.mozilla.org)-article that we can link in addition to more clarity in the permission panel.
Bug 2012692 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
There was a [short thread on slack](https://mozilla.slack.com/archives/C4D3JFF26/p1769275577948749) based on [this reddit thread](https://old.reddit.com/r/firefox/comments/1qk1xh8/what_does_this_mean_is_duckduckgo_tracking_me/). I'm going to summarize it, because I think we should improve our messaging and information we are exposing. ### STR: Most likely caused by one of our storage access heuristics. There is a simple way of triggering the heuristic and achiving this permission: 1. on google do anything that will lead to duckduckgo 1. search for "duckduckgo" on google and select the search result [duckduckgo.com](http://duckduckgo.com) 2. click on a link to duckduckgo from an email in gmail 2. on duckduckgo do anything that will lead you back towards any `*.google.com` domain. Like 1. search for "google maps" and select [maps.google.com](http://maps.google.com) search result, or 2. enter any bang on ddg that ends up on google domain, e.g. `!gmaps Berlin` 3. `!g test` As long as we have a navigation pattern `A -> B -> A` with user interaction in `B` we will grant storage access permission for `A` to access cookies in `B`. But `B` needs to be embedded in `A` for the cookies to actually be used cross-site. ### Confusion * "What does this mean? Is DuckDuckGo tracking me when I use Google?" * Can duckduckgo access cookies from google? * Can google access cookies from duckduckgo? ### Improve clarity There is some confusion that we can clear up: * DDG is not allowed to access googles cookies. DDG is allowed to access its own unpartitioned cookies while embedded in google.com if the permission is granted as shown in the permissions panel. * Google is not allowed to access duckduckgo cookies. (However, if embedded via iframe duckduckgo could theoretically pass on unpartitioned cookies to google) * Where is the permission coming from: Is it granted via heuristic, or does it come from the storage access api? * Was the permission actually used (was there access to the unpartitioned cookie-jar somehow)? The message currently is somewhat confusing. It is a complex topic to convey. However we can probably do better at improving our messaging. Perhaps a [sumo](https://support.mozilla.org)-article that we can link in addition to more clarity in the permission panel. This is current "Learn more"-Link: https://support.mozilla.org/en-US/kb/third-party-trackers#w_managing-cross-site-cookies
There was a [short thread on slack](https://mozilla.slack.com/archives/C4D3JFF26/p1769275577948749) based on [this reddit thread](https://old.reddit.com/r/firefox/comments/1qk1xh8/what_does_this_mean_is_duckduckgo_tracking_me/). I'm going to summarize it, because I think we should improve our messaging and information we are exposing. ### STR: Most likely caused by one of our storage access heuristics. There is a simple way of triggering the heuristic and achiving this permission: 1. on google do anything that will lead to duckduckgo 1. search for "duckduckgo" on google and select the search result [duckduckgo.com](http://duckduckgo.com) 2. click on a link to duckduckgo from an email in gmail 2. on duckduckgo do anything that will lead you back towards any `*.google.com` domain. Like 1. search for "google maps" and select [maps.google.com](http://maps.google.com) search result, or 2. enter any bang on ddg that ends up on google domain, e.g. `!gmaps Berlin` 3. `!g test` As long as we have a navigation pattern `A -> B -> A` with user interaction in `B` we will grant storage access permission for `A` to access cookies in `B`. But `B` needs to be embedded in `A` for the cookies to actually be used cross-site. ### Confusion * "What does this mean? Is DuckDuckGo tracking me when I use Google?" * Can duckduckgo access cookies from google? * Can google access cookies from duckduckgo? ### Improve clarity There is some confusion that we can clear up: * DDG is not allowed to access googles cookies. DDG is allowed to access its own unpartitioned cookies while embedded in google.com if the permission is granted as shown in the permissions panel. * Google is not allowed to access duckduckgo cookies. (However, if embedded via iframe duckduckgo could theoretically pass on unpartitioned cookies to google) * Where is the permission coming from: Is it granted via heuristic, or does it come from the storage access api? * Was the permission actually used (was there access to the unpartitioned cookie-jar somehow)? The message currently is somewhat confusing. It is a complex topic to convey. However we can probably do better by improving our messaging. Perhaps a [sumo](https://support.mozilla.org)-article that we can link in addition to more clarity in the permission panel. This is current "Learn more"-Link: https://support.mozilla.org/en-US/kb/third-party-trackers#w_managing-cross-site-cookies