First-party cookies are not removed after a daily cleanup
Categories
(Core :: Privacy: Anti-Tracking, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox74 | --- | unaffected |
| firefox75 | --- | unaffected |
| firefox76 | --- | disabled |
| firefox77 | --- | verified |
People
(Reporter: sbadau, Assigned: johannh)
References
(Blocks 1 open bug)
Details
(Keywords: regression)
Attachments
(1 file, 1 obsolete file)
Affected versions
- Nightly 76.0a1
Affected platforms
- All
Prerequisites:
-
Use a new profile.
-
In about:config set the preferences
-- privacy.purge_trackers.enabled=true.
-- privacy.userInteraction.expiration =1. -
Make sure that in the Settings of the Web Console, "Enabled browser chrome and add-on debugging toolboxes" is checked.
Steps to reproduce
- Launch Firefox
- Navigate to one or two popular websites to create some cookies and site storage
(interacted with Amazon, YouTube, Google.com, Yandex.ru, BBC and USAToday) - Go to about:preferences#privacy and observe the cookies from the "Manage Cookies and Site Data" dialog.
- Open the Browser Console, type and enter `Services.obs.notifyObservers(null, "idle-daily");' to send the idle-daily notification manually.
- Check again the cookies from the "Manage Cookies and Site Data" dialog.
- Open the Browser Console and to send the 30 days passed interaction timeout manually - type and enter:
await Components.classes["@mozilla.org/purge-tracker-service;1"].getService(Components.interfaces.nsIPurgeTrackerService).purgeTrackingCookieJars() - Check again the cookies from the "Manage Cookies and Site Data" dialog.
Expected result
- in step 5 - the third-party cookies from the Disconnect Tracking Protection list should be removed.
- in step 7 - the first-party cookies from the Disconnect Tracking Protection list should be removed.
Actual result
- in step 7 - the first-party cookies are not removed.
For more details, please look at the screencast:
https://drive.google.com/file/d/1-gbji5YaiV2wwawEKEuLFKQELvw23L7I/view
Additional notes
- in step 5 - mc.yandex.ru as a third-party cookie should also be removed. Should I file a new bug for this particular case?
|
||
Comment 1•6 years ago
|
||
(In reply to Simona Badau from comment #0)
Expected result
- in step 5 - the third-party cookies from the Disconnect Tracking Protection list should be removed.
- in step 7 - the first-party cookies from the Disconnect Tracking Protection list should be removed.
I expect both tracking cookies that have received user interaction in the first-party context and those that have not to be purged when you run Services.obs.notifyObservers(null, "idle-daily"); (i.e., after step 5). This is the notification that will trigger purging during normal operation.
Additional notes
- in step 5 - mc.yandex.ru as a third-party cookie should also be removed. Should I file a new bug for this particular case?
Yes please! As long as you didn't interact with mc.yandex.ru then it's likely a separate issue. That origin is on the disconnect list and your screencast does have a cookie set so it should be cleared. I suspect this might happen because yandex.ru has interaction.
|
|
||
Comment 2•6 years ago
|
||
If I set the prefs as described in Comment 0 and visit google.com, perform a search, close the tab, and then open the browser console and run await Components.classes["@mozilla.org/purge-tracker-service;1"].getService(Components.interfaces.nsIPurgeTrackerService).purgeTrackingCookieJars() I see:
22:23:53.955 *** PurgeTrackerService:: Purging trackers enabled, beginning batch. PurgeTrackerService.jsm:283:16
22:23:53.965 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. doubleclick.net PurgeTrackerService.jsm:283:16
22:23:53.973 *** PurgeTrackerService:: Data deleted from: doubleclick.net PurgeTrackerService.jsm:283:16
22:23:53.974 *** PurgeTrackerService:: All cookie purging finished, resetting list until tomorrow.
if I then restart the browser and re-run the purgeTrackingCookieJars(); command I see:
22:26:18.947 *** PurgeTrackerService:: Purging trackers enabled, beginning batch. PurgeTrackerService.jsm:283:16
22:26:18.957 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. google.com PurgeTrackerService.jsm:283:16
22:26:18.967 *** PurgeTrackerService:: Data deleted from: google.com PurgeTrackerService.jsm:283:16
22:26:18.968 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. google.com PurgeTrackerService.jsm:283:16
22:26:18.974 *** PurgeTrackerService:: Data deleted from: google.com PurgeTrackerService.jsm:283:16
22:26:18.975 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. google.com PurgeTrackerService.jsm:283:16
22:26:18.980 *** PurgeTrackerService:: Data deleted from: google.com PurgeTrackerService.jsm:283:16
22:26:18.980 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. google.com PurgeTrackerService.jsm:283:16
22:26:18.985 *** PurgeTrackerService:: Data deleted from: google.com PurgeTrackerService.jsm:283:16
22:26:18.987 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. google.com PurgeTrackerService.jsm:283:16
22:26:18.991 *** PurgeTrackerService:: Data deleted from: google.com PurgeTrackerService.jsm:283:16
22:26:18.992 *** PurgeTrackerService:: tracking cookie found with no interaction permission, deleting related data. www.google.com PurgeTrackerService.jsm:283:16
22:26:19.035 undefined
22:26:19.033 *** PurgeTrackerService:: Data deleted from: www.google.com PurgeTrackerService.jsm:283:16
22:26:19.035 *** PurgeTrackerService:: All cookie purging finished, resetting list until tomorrow. PurgeTrackerService.jsm:283:16
|
|
||
Updated•6 years ago
|
|
||
Comment 4•6 years ago
|
||
Bugbug thinks this bug is a regression, but please revert this change in case of error.
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 5•6 years ago
|
||
Yup, it looks like the permission manager doesn't do expiration checks for getAllWithTypePrefix and getAllForPrincipal 🤦♂️
|
|
Assignee | |
Comment 6•5 years ago
|
||
Baku, is this fixed with your recent refactorings?
|
||
Comment 8•5 years ago
|
||
No, it's not. This bug is all yours if you want.
|
|
Assignee | |
Comment 9•5 years ago
|
||
We're using nsIStorageActivityService to get only principals that were using storage in the last 3 days.
A few notes on that:
-
3 days is based on the assumption that it's very unlikely that a client would miss idle daily for 3 days in a row.
-
We're currently only persisting activity for up to 24 hours. Bug 1630598 tracks extension to 3 days.
-
We're currently not persisting storage activity service across restarts. This is bug 1459974 which we're aiming to resolve.
-
This will not immediately clear all old tracking storage, only when it is used another time. In the same vein
there's a chance the we miss clearing if the user manages to persistently have Firefox sessions that are so short
that idle-daily is rarely triggered. This would be problematic for cookie purging in general, though. -
This produces a significantly lower number of principals to check. We could consider switching cookies
to the same approach (only get the last x days of activity).
I talked to Steve Englehardt and we're generally okay with these caveats in favor of the simplified implementation.
|
||
Comment 10•5 years ago
|
||
|
|
Assignee | |
Comment 11•5 years ago
|
||
Ok, duh, I submitted the patch for bug 1619625 on this bug instead :(
I'll rename this bug and file a new one, and mark bug 1619625 as dupe 😬
|
|
Assignee | |
Comment 12•5 years ago
|
||
Or ask for a backout, maybe that's better to avoid confusing QA here...
|
||
Comment 13•5 years ago
|
||
Backed out changeset 9cb0695cee1f (bug 1627220) on dev's request
Backout:
https://hg.mozilla.org/integration/autoland/rev/ddeeb9ce1712782fe5acc81ef4b0e20cfae15728
|
||
Comment 14•5 years ago
|
||
Comment on attachment 9140992 [details]
Bug 1627220 - Consider quota manager activity for cookie purging. r=ewright
Revision D71173 was moved to bug 1619625. Setting attachment 9140992 [details] to obsolete.
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 15•5 years ago
|
||
|
|
||
Comment 16•5 years ago
|
||
|
|
||
Comment 17•5 years ago
|
||
Backed out changeset b1f668b65e69 (Bug 1627220) for causing xpcshell failures at extensions/permissions/test/unit/test_permmanager_expiration.js
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=299568461&repo=autoland&lineNumber=4294
[task 2020-04-27T14:26:22.648Z] 14:26:22 INFO - TEST-START | extensions/permissions/test/unit/test_permmanager_expiration.js
[task 2020-04-27T14:26:22.938Z] 14:26:22 WARNING - TEST-UNEXPECTED-FAIL | extensions/permissions/test/unit/test_permmanager_expiration.js | xpcshell return code: 0
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - TEST-INFO took 308ms
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - >>>>>>>
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - (xpcshell/head.js) | test MAIN run_test pending (1)
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - (xpcshell/head.js) | test pending (2)
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 84] 1 == 1
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 88] 1 == 1
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 92] 1 == 1
[task 2020-04-27T14:26:22.939Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 96] 1 == 1
[task 2020-04-27T14:26:22.940Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 97] 1 == 1
[task 2020-04-27T14:26:22.940Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 101] 1 == 1
[task 2020-04-27T14:26:22.940Z] 14:26:22 INFO - (xpcshell/head.js) | test MAIN run_test finished (2)
[task 2020-04-27T14:26:22.940Z] 14:26:22 INFO - running event loop
[task 2020-04-27T14:26:22.940Z] 14:26:22 INFO - "CONSOLE_MESSAGE: (info) No chrome package registered for chrome://branding/locale/brand.properties"
[task 2020-04-27T14:26:22.943Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 106] 0 == 0
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - TEST-PASS | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 110] 0 == 0
[task 2020-04-27T14:26:22.944Z] 14:26:22 WARNING - TEST-UNEXPECTED-FAIL | extensions/permissions/test/unit/test_permmanager_expiration.js | do_run_test - [do_run_test : 115] 5 == 3
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/tests/extensions/permissions/test/unit/test_permmanager_expiration.js:do_run_test:115
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/tests/extensions/permissions/test/unit/head.js:do_run_generator:11
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/tests/extensions/permissions/test/unit/test_permmanager_expiration.js:continue_test:13
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:notify:215
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:_do_main:242
[task 2020-04-27T14:26:22.944Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:_execute_test:569
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - -e:null:1
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - exiting test
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - caught exception [Exception... "Abort" nsresult: "0x80004004 (NS_ERROR_ABORT)" location: "JS frame :: /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js :: _abort_failed_test :: line 787" data: no]
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/tests/extensions/permissions/test/unit/test_permmanager_expiration.js:continue_test:13
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:notify:215
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:_do_main:242
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - /Users/cltbld/tasks/task_1587995910/build/tests/xpcshell/head.js:_execute_test:569
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - -e:null:1
[task 2020-04-27T14:26:22.945Z] 14:26:22 INFO - exiting test
|
|
||
Comment 18•5 years ago
|
||
|
|
||
Comment 19•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
|
|
||
Comment 20•5 years ago
|
||
| bugherder | ||
|
Reporter | |
Comment 21•5 years ago
|
||
Verified as fixed on the latest Nightly 77.0a1 - on Windows 10 x64, Ubuntu 18.04, and Mac OS X 10.15 - I can confirm that both tracking cookies that have received user interaction in the first-party context and those that have not are being purged.
Description
•