Closed Bug 1637344 Opened 5 years ago Closed 5 years ago

Add message to show dFPI is incompatible with FPI

Categories

(Firefox :: Settings UI, enhancement, P1)

Product:
Firefox
Component:
Settings UI
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
84 Branch
Tracking Flags:
Tracking Status
firefox84 --- verified

People

(Reporter: xeonchen, Assigned: nhnt11)

References

(Blocks 1 open bug)

Details

Attachments

(5 files)

fpi_active.png
70.54 KB, image/png
Details
fpi_no_active.png
83.24 KB, image/png
Details
Bug 1637344 - Show message in privacy preferences to indicate FPI is incompatible with dFPI. r=johannh!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1637344 - Clean up browser_statePartitioning_strings.js. r=Gijs!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1637344 - Remove trailing whitespace mistakenly included in new string. r=cbrindusan!
47 bytes, text/x-phabricator-request
Details | Review

In bug 1631676 we silently convert cookie behavior 5 to 4 (disable Dynamic FPI) if the user has First-Party Isolation enabled.

To make it clearer, we should consider adding some message to remind the user that dFPI is not compatible with FPI.

Severity: -- → S3
Component: Privacy: Anti-Tracking → Preferences
Priority: -- → P3
Product: Core → Firefox
No longer blocks: dfpi-study-ui
Attached image fpi_no_active.png

privacy.firstparty.isolate = false

As an example of what we mean by silently hiding the face that dFPI exists: Comment 1 shows the current Custom UI when privacy.firstparty.isolate = true and Comment 2 shows the UI when ``privacy.firstparty.isolate = false`. The same differences would exist if dFPI were the default cookie policy for Standard / Strict.

We chatted a bit more about our options here, such as possibly displaying a warning message that dFPI and FPI are different, giving users the option to click a button to switch, and adding a learn more page to understand the differences between the two. This approach would put a lot of onus on the user. It may also be confusing if the user also has an extension that forces FPI back on after the user manually disables it. We decided to pivot to a simpler approach.

Since FPI + cookie policy 4 and dFPI (which includes cookie policy 4) both provide isolation, we've decided to keep the UIs here consistent between the two. An FPI user in Standard or Strict will still block cross-site tracking cookies + social media tacker cookies, and isolate all remaining third-party cookies. FPI is just an alternate way (and slightly less web-compatible) way to achieve that. Instead of adding a big warning message that compares the two, we can just add a note that says "First-Party Isolation is enabled. This may override your cookies settings.".

The only consequence of the new approach is that the cookie settings "Cross-site and social media trackers" (cookie behavior 4) and "Cross-site and social media trackers, and isolate remaining cookies" (cookie behavior 5) apply the exact same policy under the hood (i.e., cookie behavior 4 + FPI). If it's not too difficult we can consider hiding "Cross-site and social media trackers" for these users to resolve this issue, but that doesn't seem necessary.

Assignee: nobody → nhnt11
Status: NEW → ASSIGNED
Priority: P3 → P1
Attachment #9186577 - Attachment description: Bug 1637344 - Show message in privacy preferences to indicate FPI is incompatible with dFPI. r=Gijs! → Bug 1637344 - Show message in privacy preferences to indicate FPI is incompatible with dFPI. r=johannh!
Pushed by nhnt11@gmail.com: https://hg.mozilla.org/integration/autoland/rev/3a5c4fa8a47b Show message in privacy preferences to indicate FPI is incompatible with dFPI. r=fluent-reviewers,johannh,preferences-reviewers,flod https://hg.mozilla.org/integration/autoland/rev/9e4048b69861 Clean up browser_statePartitioning_strings.js. r=Gijs,preferences-reviewers,ntim
Pushed by nhnt11@gmail.com: https://hg.mozilla.org/integration/autoland/rev/30dff1eefdce Remove trailing whitespace mistakenly included in new string. r=cbrindusan,fluent-reviewers,flod
Flags: qe-verify+

Verified - Fixed in latest Nightly 85.0a1 (build id: 20201120094511). "Cross-site and social media trackers, and isolate remaining cookies" is displayed in the Cookies drop-down when the privacy.firstparty.isolate pref is set to false.
The "Cross-site and social media trackers, and isolate remaining cookies" is not displayed in Beta 84.0b3 following the same steps. Is that ok?
Thanks!

Flags: needinfo?(senglehardt)

(In reply to Alin Ilea from comment #11)

Verified - Fixed in latest Nightly 85.0a1 (build id: 20201120094511). "Cross-site and social media trackers, and isolate remaining cookies" is displayed in the Cookies drop-down when the privacy.firstparty.isolate pref is set to false.
The "Cross-site and social media trackers, and isolate remaining cookies" is not displayed in Beta 84.0b3 following the same steps. Is that ok?
Thanks!

Thanks! That's expected since dynamic first party isolation is not enabled in beta.

Flags: needinfo?(senglehardt)

Great, thanks for the answer. I will change the status and the flag accordingly.

Status: RESOLVED → VERIFIED
status-firefox84: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: