Add the ability to remotely exempt urls from partitioning
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P3)
Tracking | Status | |
---|---|---|
firefox80 | --- | fixed |
People
(Reporter: englehardt, Assigned: xeonchen)
References
(Blocks 1 open bug)
Attachments
(2 files)
We currently have a url-classifier-skip-urls collection on remote settings that allows us to remotely unblock trackers immediately across all channels. This has proven quite useful in fixing breakage (sometimes pretty significant) temporarily while we work on a more permanent fix. See Bug 1537702 for examples.
We should consider adding something similar for dFPI. It would have to be a bit different from url-classifier-skip-urls since this operates on the URL classifier features, and dFPI doesn't depend on the url classifier. It seems like we'd still want it to apply to third parties, but perhaps it would be useful to be able to scope the exception to specific first parties.
Comment 1•4 years ago (Reporter)
During our meeting today Gary proposed three possible approaches to implementing this:
1. Use the new pairwise remote settings list to generate temporary storage access permission (reusing the same permission we currently use)
2. Use the new pairwise remote settings list to generate a new type of storage access permission (NOT reusing the same permission we currently have)
3. Check the list directly at the same time we check the current storage access permissions. This is similar to what we do for the url-classifier-skip-urls remote settings collection.
IMO which direction we go depends on whether we'd want these exceptions to be included in the UI as part of the work we're doing in Bug 1643191 Comment 6.
If we want the exceptions in the UI then it seems like (1) is the right option. In the user's eyes, the exceptions granted by this mechanism are no different than those granted by the Storage Access API or a web compatibility heuristic. We wouldn't want users to have to manage them separately. There's a lot of complexity here though:
- If a user attempts to delete any permission granted by this allowlist it would pop back up during the next session. A sort of "zombie" permission.
- We can consider implementing an "Allow/Block" mechanism instead, and refuse to re-create a permission from the list when the user has manually toggled it to "Block" in the past. Perhaps the Storage Access API could still override this.
- We'd like the mechanism to be specific to partitioning, but adding a storage access permission would exempt the third party from ETP's cookie blocking as well (maybe that's acceptable).
- We don't have such a UI mechanism for url-classifier-skip-urls or the various skipUrl prefs. These ETP allowlist mechanisms would override whatever choices the user has made in the UI (e.g., if the user says to "Block" a certain third party from getting permission again in the future).
If we don't want exemptions in the UI, then (3) seems preferable unless there are other implementation / performance concerns we didn't get to discuss during our meeting. The downside of (2) is that the permission would be sticky. We wouldn't be able to remove it if the list changes and would have to wait for it to expire. It's not clear to me what the lifetime would be? If these are session-bound and could survive a session restore then this would be pretty bad. We could implement some kind of diffing method to mitigate this.
Given the complexities above, I think it's better to not try to display these as part of the new UI. Like the ETP exemptions, we don't want these to stay around forever and should use them sparingly as we fix breakage.
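Approaches (2) and (3) from comment 1, sketched side by side as an added example that is not part of the original comment or of Firefox's code. Every name, the `*` wildcard meaning "any first party", and the sample origins are assumptions made for illustration.

```javascript
// Added illustration. Every name here is hypothetical, not a Firefox API.
// Constructed sample of a pairwise list: each entry exempts one third party,
// scoped to a single first party or to any first party ("*").
const SAMPLE_ENTRIES = [
  { firstParty: "https://shop.example", thirdParty: "https://pay.example" },
  { firstParty: "*", thirdParty: "https://sso.example" },
];

const matches = (pattern, origin) => pattern === "*" || pattern === origin;
const permKey = (firstParty, thirdParty) => `${firstParty}^${thirdParty}`;

class SkipList {
  constructor(entries) { this.entries = entries; }
  // A sync of the remote collection replaces the list wholesale.
  update(entries) { this.entries = entries; }
  has(firstParty, thirdParty) {
    return this.entries.some(
      (e) => matches(e.firstParty, firstParty) && matches(e.thirdParty, thirdParty)
    );
  }
}

// Approach (3): consult the list at the moment stored storage access
// permissions are checked. Nothing is persisted, so removing an entry from
// the list takes effect on the next check.
function isExemptDirect(firstParty, thirdParty, permissions, skipList) {
  return permissions.has(permKey(firstParty, thirdParty)) ||
    skipList.has(firstParty, thirdParty);
}

// Approach (2), for contrast: turn list entries into stored permissions at
// sync time. A stored permission outlives the entry that created it until it
// expires or a diffing step revokes it.
function materialize(entries, permissions) {
  for (const e of entries) {
    // A wildcard entry has no single pairwise key in this sketch; skip it.
    if (e.firstParty !== "*") permissions.add(permKey(e.firstParty, e.thirdParty));
  }
}

// Sync the sample list, then an empty list, and report what each approach
// still exempts for shop.example embedding pay.example.
function exemptAfterRemoval() {
  const fp = "https://shop.example", tp = "https://pay.example";
  const stored = new Set();
  materialize(SAMPLE_ENTRIES, stored);
  const list = new SkipList(SAMPLE_ENTRIES);
  list.update([]);
  return { direct: isExemptDirect(fp, tp, new Set(), list), stored: stored.has(permKey(fp, tp)) };
}
```

After the entry is withdrawn, the direct check stops exempting the pair at once, while the materialized permission remains in place, which is the stickiness the comment attributes to (2).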
Comment 2•4 years ago (Assignee)
Comment 3•4 years ago (Assignee)
Depends on D81590
Comment 4•4 years ago (Reporter)
Gary, would you mind to use skip instead of exempt? That way we'll align with url-classifier-skip-urls and the various skipUrls prefs?
Comment 5•4 years ago (Assignee)
(In reply to Steven Englehardt [:englehardt] from comment #4)
> Gary, would you mind to use skip instead of exempt? That way we'll align with url-classifier-skip-urls and the various skipUrls prefs?

No problem.
Comment 7•4 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/1b209c413deb
https://hg.mozilla.org/mozilla-central/rev/fee9e0ff87fe