1650433 - RFP needs per-site or per-window granularity

Status: RESOLVED DUPLICATE of bug 1450398

(Core :: DOM: Security, defect, P3)

Description

[luis.machuca]

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:0.0) Gecko/20100101 Firefox/0.0

Steps to reproduce:

1.- Install Firefox.
2.- Enable RFP (Resist FingerPrinting)
3.- Open m>1 tabs in n>1 different sites and perform activities in them, such that at least one site necessitates disabling fingerprinting to work.

Actual results:

1.- Disabled RFP
2.- Now RFP is disabled browser-wide, exposing the browser across all the m tabs and n sites.

Expected results:

1.- Disabled RFP only for the specific site (eg.: domain) or tab/window that needs it.
2.- RFP is disabled in the 1 site or tab, but the other m-1 tabs and/or n-1 sites continue under the protection of RFP.

RFP in general needs more granularity in its application. Due to its extreme scope (changing "system" variables like screen size, operating system (already filed a bug report for that one), medium used etc) using this feature applies to the entire Firefox experience. The only practical way "out" for a specific site or domain is to set up an entirely separate Firefox profile to use that site, which necessitates also copying or reinstalling addons and personal customizations (such as fonts, user paths and accessibility options).

As a minimum, there should be two separate RFP instances per profile: one for normal windows and a separate one for private windows.

Comment 1

[Simona Badau, Desktop QA]

I'm not sure what the expected result should be in this case. I'm moving this issue on Core: Dom: Security so that someone with more knowledge in this area could take a look.