Closed Bug 1695546 Opened 4 years ago Closed 4 years ago

multiple cloudfront.net addresses breaking strict enhanced tracking protection for Mozilla Phabricator

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 86
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1658044

People

(Reporter: grahamperrin, Unassigned)

References

Details

Attachments

(1 file)

2021-03-01 00:00:13.png
516.52 KB, image/png
Details
Attached image 2021-03-01 00:00:13.png

User Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:86.0) Gecko/20100101 Firefox/86.0

Steps to reproduce:

  1. Firefox 86.0 release candidate 3 on FreeBSD 14.0-CURRENT, https://dev.freshports.org/www/firefox/#history
  2. strict ETP preferred
  3. https://phabricator.services.mozilla.com/D106622

Actual results:

  1. page broken
  2. page reported
  3. appended the following string to privacy.restrict3rdpartystorage.partitionedHosts
  4. ,d3qlaywcwingl6.cloudfront.net/
  5. https://phabricator.services.mozilla.com/
  6. page broken by a different cloudfront.net address

Expected results:

  1. no breakage

Reproducible in safe mode.

I did not (and will prefer to not) refresh the profile.

For steps (6) and (7) I took a hint from bug 1659394 comment 2.

With a separate Firefox profile on the same computer: no such breakage. Please see, for example, the fourth screenshot under https://github.com/mozilla/multi-account-containers/issues/1974#issuecomment-787538522.

Please consider putting this in the dependency tree for bug 1602922 (dfpi-breakage) … or would bug 1669486 (etp-level-2-webcompat) be more appropriate?

Is ETP level 2 synonymous with strict enhanced tracking protection (a.k.a. total cookie protection) in Firefox 86.0?

Thank you

Additional key phrases, for search purposes:

  • dynamic first party isolation
  • dFPI
  • strict ETP
  • ETP strict mode
  • dynamic state partitioning
  • dynamic partitioning
  • network.cookie.cookieBehavior = 5
Flags: needinfo?(senglehardt)

This is caused by content blocking from the Level 2 list. See Bug 1658044. We've deprecated this mode of ETP Strict, and I recommend switching back to the Level 1 blocklist.

You can do that using the list chooser (if it's still available in your UI). To do so, go to about:preferences#privacy, Select Custom for the ETP mode, and under "Tracking content" you'll see a "Change block list" option. Click that and change back to Level 1. (If you previously had ETP on Strict mode, you can go back to Strict mode).

Otherwise you can go to about:config and set urlclassifier.trackingTable to moztest-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256. (When the Level 2 list is enabled for content blocking, it will say moztest-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256,content-track-disgest256.)

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(senglehardt)
Resolution: --- → DUPLICATE
See Also: → 1658044

Thank you!

No UI in Firefox 86https://hg.mozilla.org/mozilla-central/rev/761cbe842150 – but I find urlclassifier.trackingTable at the required value after performing a simple reset at its line in about:config.

Evidently I preferred level 2 so long ago that I forgot about it.

(In reply to Graham Perrin from comment #3)

Thank you!

No UI in Firefox 86https://hg.mozilla.org/mozilla-central/rev/761cbe842150 – but I find urlclassifier.trackingTable at the required value after performing a simple reset at its line in about:config.

Evidently I preferred level 2 so long ago that I forgot about it.

Thanks for that update! I'll reflect that into Bug 1658044, since I suspect there are other users that don't have an option to recover via the UI.

As I'm thinking more about this; do you remember how you changed the list? Would it have been through the list chooser UI? Or could you have set it through about:config or with a custom user.js file? I don't like that we have users who have the level 2 blocklist active for blocking, but with no way to recover from that in the UI.

Thank you,

(In reply to Steven Englehardt [:englehardt] from comment #4)

Honestly, I got myself confused after posting my comment #3.

True: there's no UI to the preference in Firefox 86, however I'm no longer certain about that changeset reference. Is it possible that the UI was removed then brought back then removed again?

(I could not find what I wanted using the search feature of Mercurial, and I became uncertain about what was given to me by a strict search with Google.)

(In reply to Steven Englehardt [:englehardt] from comment #5)

… do you remember how you changed the list? Would it have been through the list chooser UI?

Almost certainly yes.

Maybe after reading about Firefox use of Disconnect's list, and I probably learnt of that in a privacy-oriented forum or subreddit. In retrospect, I see (no longer maintained) https://support.mozilla.org/en-US/kb/content-blocking#w_change-your-block-list. The UI rings a bell but the support page does not.

I imagine that I didn't stick with custom mode for long. My likeliest response to breakage would have been a switch away from Custom, and I never imagined that a remnant from 'my custom days' might impact upon defaults that are associated with strict ETP in Firefox 86 (does that make sense?) …

Incidentally, I posted this yesterday in Reddit:

– no cries of horror in response :-)

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: