Closed Bug 1590591 Opened 2 years ago Closed 2 years ago

Content blocking doorhanger lists resources whitelisted with skipURLs as "blocked"

Categories

(Firefox :: Protections UI, defect, P1)

RESOLVED WORKSFORME
Tracking Status
firefox72 --- unaffected
firefox73 - unaffected
firefox74 --- unaffected

People

(Reporter: englehardt, Assigned: johannh)

References

(Blocks 1 open bug)

Attachments

(1 file)

STR:

  1. Go to about:config and add a new string pref: urlclassifier.features.fingerprinting.skipURLs set to mobials.com.
  2. Visit https://www.haldimandmotors.com/ and check the content blocking doorhanger

Expected:
The "Fingerprinters" section is under "Allowed" and lists mobials.com and some subdomains as the allowed domains.

Actual:
The "Fingerprinters" section is still under blocked. See the attached screenshot.

This appears to happen both when the skipURLs are set locally as described above, and when they are set with Remote Settings. Oddly enough, I wasn't able to reproduce the same for tracking cookie blocking on https://apps.facebook.com/ppearls/ (where *.apps.fbsbx.com is whitelisted via Remote Settings). I did not test other url classifier features.

In order to debug this I would first start by setting a breakpoint on OnSkipListUpdate to see if it gets called with an argument like "mobials.com" for the fingerprinting feature. If yes, then the next step is to set a breakpoint on GetSkipHostList to see if the skip list is ever used, and if yes, why mobials.com isn't properly allowlisted after that point. I'd expect these breakpoints to trigger in the parent process but they may also trigger in the content process that's rendering the page.

Setting MOZ_LOG=nsChannelClassifier:5 may give you some useful debugging logs to shed some light on what's happening here before starting to debug as well.

The priority flag is not set for this bug.
:ewright, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(ewright)

Seems like this is an issue with the frontend, not with the skipURLs mechanism itself? So comment 1 might not be relevant. Based on the screenshot, resources from mobials.com are not being blocked, as expected.

Steve, are skipURLs prefs exposed to users in any way? Or is it used for anything other than debugging/testing?

Flags: needinfo?(senglehardt)

(In reply to Nihanth Subramanya [:nhnt11] from comment #3)

> Seems like this is an issue with the frontend, not with the skipURLs mechanism itself? So comment 1 might not be relevant. Based on the screenshot, resources from mobials.com are not being blocked, as expected.
>
> Steve, are skipURLs prefs exposed to users in any way? Or is it used for anything other than debugging/testing?

There are origins that are currently unblocked via skip URLs for real users. See Bug 1581120 as an example. Depending on the results of the fingerprinting blocking studies, we may start using those as well. See Bug 1591200.

Flags: needinfo?(senglehardt)

Feels like a P2 then.

Priority: -- → P2

We will be shipping two whitelisted origins in Firefox 72 using a remote settings skip urls feature, so this bug will end up in front of non-study users in 72. Nihanth: is this something we can get fixed in Firefox 73?

Flags: needinfo?(nhnt11)
Blocks: fpcmblocking

Thanks for the heads up. We can try to uplift this to 73, since it's pretty late in the cycle. 74 should be very do-able.

[Tracking Requested - why for this release]:
Mislabeled UI in the Protections Panel. Will be visible to release channel users from 72 onwards. Good to track this for 73.

Assignee: nobody → nhnt11
Status: NEW → ASSIGNED
Flags: needinfo?(nhnt11)
Priority: P2 → P1

Might be difficult to uplift if there are string changes, but we can keep an eye on this for 73 still.

Hi Nihanth, is this on track for 73 still or is it looking more likely to land for 74 at this point?

Flags: needinfo?(nhnt11)

Looking like 74. Thanks!

Flags: needinfo?(nhnt11)

Hi Nihanth, do you have any update for this bug?

Flags: needinfo?(nhnt11)

Talked about it and I can take it. We might briefly want to talk about this, I'll bring it up in the meeting.

Assignee: nhnt11 → jhofmann
Flags: needinfo?(nhnt11)

Turns out this already works as expected if we simply skiplist both annotation and tracking features. We decided to add some documentation for how to correctly add interventions here: https://wiki.mozilla.org/Privacy/Anti-Tracking/Interventions (WIP)

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME

(In reply to Johann Hofmann [:johannh] from comment #13)

> Turns out this already works as expected if we simply skiplist both annotation and tracking features. We decided to add some documentation for how to correctly add interventions here: https://wiki.mozilla.org/Privacy/Anti-Tracking/Interventions (WIP)

I've pushed annotation skiplist entries for the two interventions currently live and verified that this UI issue is no longer present.
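
The resolution above (skiplisting both the annotation and the blocking feature) can be checked mechanically. The following is an added example, not part of the bug thread or Firefox's code: it assumes skip lists are comma-separated strings and that the annotation pref is named `urlclassifier.features.fingerprinting.annotate.skipURLs`, and the sample `user.js` content is constructed.

```javascript
// Added example: flag skipURLs entries set on a blocking feature but not on
// its annotation feature, the mismatch this bug was resolved as.
const FEATURE_PAIRS = [
  {
    feature: "fingerprinting",
    // Pref name taken from the bug's steps to reproduce.
    blocking: "urlclassifier.features.fingerprinting.skipURLs",
    // Assumed name of the matching annotation pref; confirm in about:config.
    annotation: "urlclassifier.features.fingerprinting.annotate.skipURLs",
  },
];

// Parse user_pref("name", "value"); lines, ignoring commented-out ones.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^[ \t]*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;/gm;
  for (const m of text.matchAll(re)) prefs.set(m[1], m[2]);
  return prefs;
}

// Assumption: a skip list is a comma-separated string of host patterns.
function splitList(value) {
  return new Set(
    (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean)
  );
}

// Return every blocking skip entry that has no matching annotation skip entry.
function findUnpairedSkips(prefs, pairs = FEATURE_PAIRS) {
  const findings = [];
  for (const { feature, blocking, annotation } of pairs) {
    const annotated = splitList(prefs.get(annotation));
    for (const entry of splitList(prefs.get(blocking))) {
      if (!annotated.has(entry)) {
        findings.push({ feature, entry, missingFrom: annotation });
      }
    }
  }
  return findings;
}

// Constructed sample user.js content (not taken from a real profile).
const SAMPLE_USER_JS = `
user_pref("urlclassifier.features.fingerprinting.skipURLs", "mobials.com, example.org");
user_pref("urlclassifier.features.fingerprinting.annotate.skipURLs", "example.org");
// user_pref("urlclassifier.features.fingerprinting.annotate.skipURLs", "mobials.com");
`;

for (const f of findUnpairedSkips(parsePrefs(SAMPLE_USER_JS))) {
  console.log(`${f.feature}: "${f.entry}" is missing from ${f.missingFrom}`);
}
```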
