(In reply to Meridel [:meridel] from comment #34) > Thank you — that's helpful. > > Johann, to make sure I am clear about what potential tracking risk there is, please answer this: Is it true that granting the third party domain access to cross-site cookies means that the third party domain could then track you across other websites if it wanted to? Or is the tracking restricted to oldnavy.com? The storage access restricted to oldnavy.com. The third-party would need to request storage access again, if it needs access under a different top level site. This is implemented with the `3rdPartyStorage` permission, which is double keyed. For example `oldnavy.com` would set the permission `3rdPartyStorage^https://amazonpay.com`
Bug 1706425 Comment 35 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Meridel [:meridel] from comment #34) > Thank you — that's helpful. > > Johann, to make sure I am clear about what potential tracking risk there is, please answer this: Is it true that granting the third party domain access to cross-site cookies means that the third party domain could then track you across other websites if it wanted to? Or is the tracking restricted to oldnavy.com? The storage access is restricted to oldnavy.com. The third-party would need to request storage access again, if it needs access under a different top level site. This is implemented with the `3rdPartyStorage` permission, which is double keyed. For example `oldnavy.com` would set the permission `3rdPartyStorage^https://amazonpay.com`