Closed Bug 1761207 Opened 2 years ago Closed 2 years ago

Extend the expiration time of the storage access permission that is given from the redirect heuristic

Categories

(Core :: Privacy: Anti-Tracking, task, P2)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
101 Branch
Tracking Flags:
Tracking Status
firefox101 --- fixed

People

(Reporter: timhuang, Assigned: timhuang)

References

Details

Attachments

(2 files)

Bug 1761207 - Extend the expiration time of the storage access permission given by the redirect heuristic. r?#anti-tracking-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1761207 - Calculate the expected expired days directly from the pref in the test browser_contentBlockingTelemetry.js. r?#anti-tracking-reviewers
48 bytes, text/x-phabricator-request
Details | Review

The redirect heuristics was designed for the federated login scenario, such as SSO. It gives storage access permission for 15 minutes so that the login process can be successful. This may be enough for making the login successful, however, any operations between the login provider and the login site after the expiration time of the short-term storage access permission won't be successful because the storage is partitioned again. Like, the renewal of the login token could fail because of this.

Also, we give the full expiration time to other window open heuristics. So, keeping the expiration time of the redirect heuristic short doesn't really give us privacy benefits. Therefore, we should extend the expiration time as same as other heuristics.

Assignee: nobody → tihuang
Status: NEW → ASSIGNED

This patch extends the expiration time of the storage access permission
given by the redirect heuristic to 30 days. This matches to the
expiration time of the permission given by other heuristics.

(In reply to Tim Huang[:timhuang] from comment #0)

Also, we give the full expiration time to other window open heuristics. So, keeping the expiration time of the redirect heuristic short doesn't really give us privacy benefits. Therefore, we should extend the expiration time as same as other heuristics.

The direction of the window open heuristic is different though. The opener site in the window open heuristic is granting storage access to the opened window's origin in the opener. In the redirect heuristic, the site doing the redirecting is getting storage access under the destination page.

This difference makes sense because both pages require user interaction within the last 10 minutes, so for an SSO-in-window-redirect situation you have to trigger on redirect from the SSO back to the page.

Were there abuse use cases drawn up when the heuristics were developed? I think this difference means that they are significant.

I'm not opposed to making this change. I just want to be thorough.

Talked this over out of band.

The user interaction requirement of this heuristic is significant enough that I am comfortable allowing a longer grant here.

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/92e64531995a
Extend the expiration time of the storage access permission given by the redirect heuristic. r=anti-tracking-reviewers,bvandersloot

Backed out for causing mochitest failures on browser_contentBlockingTelemetry.js

  • Backout link
  • Push with failures
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | toolkit/components/antitracking/test/browser/browser_contentBlockingTelemetry.js | unexpected counts should be zero for STORAGE_ACCESS_REMAINING_DAYS at index 29 - 1 == 0 - JS frame :: resource://testing-common/TelemetryTestUtils.jsm :: assertHistogram :: line 302
Flags: needinfo?(tihuang)
Flags: needinfo?(tihuang)

In the test, we check if record to the correct bucket for the remaining
expired time of the storage access permission. The expected values were
using static value, which will have problem if we change the expired
time via the prefs.

We change to calculate the expected expired time directly from the pref
so this test can work even we change the pref value.

Depends on D142431

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b543d49116b0
Extend the expiration time of the storage access permission given by the redirect heuristic. r=anti-tracking-reviewers,bvandersloot
https://hg.mozilla.org/integration/autoland/rev/af56f3b0e695
Calculate the expected expired days directly from the pref in the test browser_contentBlockingTelemetry.js. r=anti-tracking-reviewers,pbz

https://hg.mozilla.org/mozilla-central/rev/b543d49116b0
https://hg.mozilla.org/mozilla-central/rev/af56f3b0e695

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
status-firefox101: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 101 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: