Consider entity allow lists for cookie purging
Categories
(Core :: Privacy: Anti-Tracking, enhancement, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox79 | --- | fixed |
People
(Reporter: johannh, Assigned: johannh)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
For cookie purging, we currently check each individual tracking origin for user interaction without considering whether a related entity might have user interaction. So, google.com would be cleared even if google.de has user interaction. This could lead to breakage. Luckily we have the entity list which connects these and we could use that to check user interaction for all related entities.
However, it also goes slightly beyond what the entity list is meant for (which is unblocking trackers only on sites that clearly own them and could share data with them anyway). We might end up giving tracking domains of popular sites (like doubleclick for google.com) a free pass.
Additionally, supporting the entity list comes with a performance toll and will likely result in longer purging times.
To properly evaluate this and prepare for any scenario, I'll go with the following strategy:
- Implement entity list support behind a pref, turned off by default
- Add telemetry for reporting the number of times a tracker would have been exempted from purging because of the entity list
|
Assignee | |
Comment 1•5 years ago
|
||
This commit is made a bit harder to understand by a couple of changes
that I felt were necessary to make:
- I refactored the code for purging a single origin into the maybePurgePrincipal function.
- I updated the logger to actually allow for different log levels (to get debug logging)
|
||
Comment 3•5 years ago
|
||
| bugherder | ||
Description
•