Open Bug 1646047 Opened 4 years ago Updated 3 years ago

Mostly isolating processes by top-level site (requires Fission)

Categories: Core :: Privacy: Anti-Tracking, enhancement, P3

Tracking: Fission Milestone Future

People: Reporter: annevk, Unassigned

References: Blocks 2 open bugs

Note that this is an idea. I suspect we need telemetry and study to evaluate impact properly.

The best way to partition state in the content process would be by partitioning that process itself. That way nobody working on code that runs in that process will have to consider partitioning of local state and our implementation of partitioning would become much more robust.

However, there's a difficulty in that if A embeds B1 which pops up B2, B1 and B2 need to share a process. Conveniently though, at that point B has storage-access too.

So what if third parties get to reuse a process from other third parties with the same top-level origin, but otherwise have to create a new process? However, the moment they get the storage-access permission they no longer count as third party for process reuse and creation purposes.

The main issue (apart from using more system resources, depending on the user) that I see here is that processes are keyed on site and the storage-access permission uses an origin. But I think that's still largely fine and better than the status quo. If the site wanted to lock itself down further they could use one of the new features that would allow browsers to allocate a process per origin.
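
The keying rule proposed above, modelled as an added example (not part of the bug report and not Firefox code), including the site-versus-origin mismatch. `siteOf`, `processKey`, `scenario` and the `grants` set are hypothetical names. Assumptions: a site is simplified to scheme plus the last two host labels, grants are recorded per top-level site and embedded origin, and a third-party process stays keyed on its own site as well as the top-level site.

```javascript
// Added illustration; all names here are hypothetical, not Gecko APIs.

// Simplified "site": scheme + last two host labels. A real browser uses the
// Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname.split(".").slice(-2).join(".")}`;
}

// grants: Set of "<top-level site> <embedded origin>" strings. This is a
// constructed model; the bug only says the permission uses an origin.
function processKey(docUrl, topLevelUrl, grants) {
  const site = siteOf(docUrl);
  const topSite = siteOf(topLevelUrl);
  if (site === topSite) return site; // first party: keyed on site only

  const origin = new URL(docUrl).origin;
  // With storage-access the frame no longer counts as third party.
  if (grants.has(`${topSite} ${origin}`)) return site;

  // Third party without storage-access: reusable only under the same top level.
  return `${site}^${topSite}`;
}

// A embeds B1, which opens popup B2 (constructed URLs).
function scenario() {
  const top = "https://a.example/";
  const b1 = "https://widgets.b.example/frame";
  const popup = "https://widgets.b.example/popup";
  const none = new Set();
  const granted = new Set([`${siteOf(top)} ${new URL(b1).origin}`]);
  return {
    popupB2: processKey(popup, popup, none),
    frameB1NoGrant: processKey(b1, top, none),   // differs from popupB2
    frameB1Granted: processKey(b1, top, granted), // now equals popupB2
    // Same site as B1 but a different origin, so the grant does not apply:
    // this frame stays partitioned while B1 joins the site-wide process.
    otherOriginSameSite: processKey("https://cdn.b.example/x", top, granted),
  };
}

console.log(scenario());
```
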

Fission Future because this bug doesn't need to block shipping Fission MVP.

Fission Milestone: --- → Future
Severity: -- → N/A
Priority: -- → P3
Blocks: 1663987