Open Bug 1659425 Opened 4 years ago Updated 4 years ago

The Protections UI for cookie policy "Cookies from unvisited websites" incorrectly displays tracking cookies as "Allowed"

Categories

(Firefox :: Protections UI, defect, P2)

Product:
Firefox
Component:
Protections UI
Version:
Firefox 81
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox81 --- affected

People

(Reporter: obotisan, Unassigned)

Details

Affected versions

  • Firefox 81.0a1

Affected platforms

  • Windows 10 x64
  • Ubuntu 18.04 x64

Precondition

  • Firefox is launched on a clean profile.
  • Custom -> Cookies from unvisited websites option is set in about:preferences#privacy.
  • The following prefs are set in about:config:
    - privacy.partition.network_state = true
    - urlclassifier.trackingAnnotationTable.testEntries = known-tracker.englehardt-tracker.com

Steps to reproduce

  1. Navigate to https://senglehardt.com/test/dfpi/simple.html in a new tab.
  2. Click on the shield icon from the URL bar.

Expected result

  • "Cross-Site Tracking Cookies" is displayed in the "Blocked" section.

Actual result

  • "Cross-Site Tracking Cookies" is displayed in the "Allowed" section.

Regression range

  • I don't thinkn this is a regression. I can reproduce the issue on builds form 23/07/2020.

Suggested severity

  • S3
Summary: [Custom - Cookies from unvisited websites] "Cross-Site Tracking Cookies" is displayed in the "Blocked" section → [Custom - Cookies from unvisited websites] "Cross-Site Tracking Cookies" is displayed in the "Allowed" section
Has STR: --- → yes

I don't think this is related to dFPI given that the Custom -> Cookies is set to unvisited websites.

Steve, do you know is there any other blocking bug we should use instead of dFPI?

Severity: -- → S3
Flags: needinfo?(senglehardt)
Priority: -- → P2

This is not related to Dynamic FPI, but is a valid bug in the UI.

"Cookies from unvisited websites" will block the third-party cookies in the two third-party iframes since the user hasn't visited them. Some of those third parties may also be trackers, but their cookies are blocked until the user visits the tracking site as a first party.

The "Block All Third-Party Cookies" UI makes sense for this policy as well: we can display "Third-party cookies" instead of "Cross-site Tracking Cookies" as the top-level category in the Protections UI (and include it under Blocked). Then the foldout will separate the blocked cookies into "Third-party Cookies" and "Cross-site Tracking Cookies". Then, if a user visits sites from either category, that site will no longer be included in the list of blocked third-party cookies (and not displayed under the "Allowed" section).

No longer blocks: DynamicFirstPartyIsolation, 1658907
Severity: S3 → --
Component: Privacy: Anti-Tracking → Protections UI
Flags: needinfo?(senglehardt)
Priority: P2 → --
Product: Core → Firefox
Summary: [Custom - Cookies from unvisited websites] "Cross-Site Tracking Cookies" is displayed in the "Allowed" section → The Protections UI for cookie policy "Cookies from unvisited websites" incorrectly displays tracking cookies as "Allowed"

The severity field is not set for this bug.
:ewright, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(ewright)
Flags: needinfo?(ewright)
Severity: -- → S3
Priority: -- → P2
You need to log in before you can comment on or make changes to this bug.