1841104 - Make FPP part of ETP Strict

Status: VERIFIED FIXED

(Core :: Privacy: Anti-Tracking, enhancement)

Description

[Tom Ritter [:tjr]]

The desire is to make FPP part of ETP Strict. If ETP Strict is enabled, FPP is enabled.

I'm a little confused on this, since the intent is to make FPP enabled by default in PBM; however on a fresh profile I don't see in the settings how 'Strict' is enabled in PBM mode - the settings page chooses 'Standard' by default.

Now... the setting Standard does explicitly say "Blocks Tracking Content in Private Windows" - so maybe it's best explained with the distinction of a setting of Standard/Strict and a behavior of Standard/Strict. The behavior of Strict is to block Tracking Content in addition to all the other stuff. That setting Strict enables the behavior Strict all Windows. The setting Standard enables the behavior Standard in normal windows and the behavior Strict in PBM.

If that's correct - then we want to enable FPP in the behavior of Strict which will automatically apply it to PBM Windows (because the setting Standard applies the behavior Strict in PBM) and can optionally apply it to normal windows if the user chooses the setting Strict.

I think Tim should take this bug.

Comment 1

[Tom Ritter [:tjr]]

https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop will surely need updating for any UI changes we make here.

Comment 2

[Martin Balfanz [:mbalfanz]]

The situation is ... complicated. Strict is not enabled by default in private windows. Private Windows are by default ETP Standard + Tracking Content. ETP Strict includes additional things like Query Parameter Stripping. We made an effort to make ETP strict and Private Windows share the same configuration and to simplify life, but we got blocked on QPS. It's a problem that we should solve separately.

Comment 3

[BugBot [:suhaib / :marco/ :calixte]]

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Comment 4

[Tim Huang[:timhuang]]

Attachment: Bug 1841104 - Add fingerprinting protection to ETP Strict. r?pbz!

Comment 5

[Tim Huang[:timhuang]]

Attachment: Bug 1841104 - Update the string copy of the fingerprinters in the ETP strict section in about:preferences#privacy page. r?pbz!

Depends on D187383

Comment 6

[Pulsebot]

Pushed by tihuang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2d70df0dda3a
Add fingerprinting protection to ETP Strict. r=pbz,settings-reviewers,mconley
https://hg.mozilla.org/integration/autoland/rev/757461d960f2
Update the string copy of the fingerprinters in the ETP strict section in about:preferences#privacy page. r=pbz,fluent-reviewers,settings-reviewers,flod

Comment 7

[Cristina Horotan [:chorotan]]

https://hg.mozilla.org/mozilla-central/rev/2d70df0dda3a
https://hg.mozilla.org/mozilla-central/rev/757461d960f2

Comment 8

[Simona Badau, Desktop QA]

Verified as fixed on the latest Nightly 119.0a1 - tested on Ubuntu 22.04, macOS 11.7, and Windows 10 x64

Comment 9

[Tim Huang[:timhuang]]

Release Note Request (optional, but appreciated)
[Why is this notable]: We are bringing fingerprinting protection to ETP strict mode. Currently, it covers font fingerprinting protection, and we will enable more fingerprinting protections. The canvas randomization and audio context protection are in the pipeline.
[Affects Firefox for Android]: No, this doesn't affect Firefox for Android.
[Suggested wording]: The visibility of fonts to websites has been restricted to system fonts and language pack fonts in ETP strict mode to mitigate font fingerprinting.
[Links (documentation, blog post, etc)]: None

Comment 10

[Dianna Smith [:diannaS]]

Added to 119 beta release notes (https://www.mozilla.org/en-US/firefox/119.0beta/releasenotes/) as well as the Draft release notes for 119