While using Debugging Tool, We observed browser is not blocking third-party cookies for a tracker explicitly mentioned by user in "about:config" list
Categories
(Core :: Privacy: Anti-Tracking, defect)
Tracking
()
People
(Reporter: beingshobhit, Assigned: dimi)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
I went into about:config of Mozilla to explicitly mention "disqus.com" as a tracker.
Then I somehow visited www.etherscan.io, and clicked on Disqus comments present in the bottom of the page.
Actual results:
Then, I inspected the page, went into Network Request header, and found that there is a Content Blocking Shield next to disqus.com, but cookies are still sent to "disqus.com" by the browser.
Expected results:
We have clearly marked "Disqus.com" as a tracker. So, if any third-party component is a tracker, Mozilla must restrict sending cookies to that tracker. Thus, here "disqus.com" should have not received the cookies from browser.
|
Reporter | |
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
(In reply to beingshobhit from comment #0)
I went into about:config of Mozilla to explicitly mention "disqus.com" as a tracker.
Using which preference?
|
|
Reporter | |
Comment 2•5 years ago
|
||
I used 'Strict Protection' preference.
|
|
||
Comment 3•5 years ago
|
||
(In reply to beingshobhit from comment #2)
I used 'Strict Protection' preference.
My question was how/where you added disqus.com in about:config.
|
|
Reporter | |
Comment 4•5 years ago
|
||
I added a preference name "urlclassifier.trackingAnnotationTable.testEntries" in about:config , and set its string value to "disqus.com".
|
|
||
Comment 5•5 years ago
|
||
Hopefully Ehsan can explain what TP is and is not supposed to do based on that pref.
|
||
Comment 6•5 years ago
|
||
If you're curious to know exactly what's going on behind the scenes, you can turn on the relevant logs using the following environment variables: MOZ_LOG=nsChannelClassifier:5,AntiTracking:5 MOZ_LOG_FILE=log-file, but the urlclassifier.trackingAnnotationTable.testEntries preference isn't intended for users to edit (which is why it's a hidden preference.) FWIW this pref isn't really tested and using it some things may not work very well, so be warned if you're going to explore this path. :-)
Probably more relevant to your question, disqus.com is on the "Level 2" Disconnect block list which isn't yet turned on in ETP by default yet. You can use the privacy.annotate_channels.strict_list.enabled pref to turn it on manually if you'd like to test how things would look like when Firefox blocks cookies/storage from disqus.com. We're tracking the work to enable this preference for all users over in bug 1501461. I think this bug is probably a duplicate of bug 1501461...
|
|
||
Comment 7•5 years ago
|
||
(In reply to :ehsan akhgari from comment #6)
If you're curious to know exactly what's going on behind the scenes, you can turn on the relevant logs using the following environment variables:
MOZ_LOG=nsChannelClassifier:5,AntiTracking:5 MOZ_LOG_FILE=log-file, but theurlclassifier.trackingAnnotationTable.testEntriespreference isn't intended for users to edit (which is why it's a hidden preference.) FWIW this pref isn't really tested and using it some things may not work very well, so be warned if you're going to explore this path. :-)
BTW as I have mentioned in bug 1589407 comment 0, I highly suspect that this preference is currently not functioning correctly...
| Comment hidden (obsolete) |
|
Assignee | |
Comment 9•5 years ago
|
||
I thought that "urlclassifier.trackingAnnotationTable.testEntries" didn't work in some cases, but I tested the pref, The pref works on both release build and nightly build. As ehsan pointed out, this is a duplicate of bug 1501461.
Description
•