Open Bug 1885973 Opened 2 years ago Updated 1 year ago

"Cross-site cookies in all windows" for Standard and Strict is confusing

Categories

(Firefox :: Settings UI, defect, P3)

Product:
Firefox
Component:
Settings UI
Type:
defect

Tracking

()

People

(Reporter: jscher2000, Unassigned)

Details

By default, network.cookie.cookieBehavior is set to 5 (Total Cookie Protection), also known as BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN.

On about:preferences, this is shown under Standard and Strict levels of ETP using the hbox with the class cross-site-cookies-option rather than the hbox with the class third-party-tracking-cookies-plus-isolate-option (see mozilla-central).

The English language strings for the labels in these two hbox elements are:

  • (Displayed) content-blocking-cross-site-cookies-in-all-windows2 = Cross-site cookies in all windows (mozilla-central)
  • (Hidden) content-blocking-cross-site-tracking-cookies-plus-isolate = Cross-site tracking cookies, and isolate remaining cookies (mozilla-central)

That simplification gives users the wrong impression that all third party cookies are blocked, and/or confusion about the choices in the Custom ETP cookie behavior selector which are more precise and don't match. For example: https://www.reddit.com/r/firefox/comments/1bhb71p/why_does_networkcookiecookiebehavior_in_ff_123/

I can appreciate that TCP is somewhat difficult to explain, but if the string used for content-blocking-cross-site-tracking-cookies-plus-isolate has been working for several years, would any negative repercussions be anticipated from switching privacy.js to showing that hbox/label under Standard and Strict in place of the string for content-blocking-cross-site-cookies-in-all-windows2?

Hey Tim, any idea who the right person to ask about this is? Is there somebody we worked with from Content Design that might be able to help us drive this bug to a decision?

Flags: needinfo?(tihuang)

Jeff Pfaller is the person you want to contact for the Content Design.

Flags: needinfo?(tihuang)

The severity field is not set for this bug.
:jhirsch, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(jhirsch)

Bug 1776403 last updated these strings for the Total Cookie Protection rollout. I recall that we had a discussion around the tradeoff between keeping language simple vs technically accurate.
In Bug 1740828 Ben updated the copy in the dropdown to better differentiate between cookie behavior 4 and 5.

We're working on blocking 3rd party cookies by default so this UI will need to be updated soon anyway.

I agree with the following, let's go about changing the string to match this already existing value:

https://searchfox.org/mozilla-central/source/browser/locales/en-US/browser/preferences/preferences.ftl#1288

(In reply to jscher2000 from comment #0)

By default, network.cookie.cookieBehavior is set to 5 (Total Cookie Protection), also known as BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN.

On about:preferences, this is shown under Standard and Strict levels of ETP using the hbox with the class cross-site-cookies-option rather than the hbox with the class third-party-tracking-cookies-plus-isolate-option (see mozilla-central).

The English language strings for the labels in these two hbox elements are:

  • (Displayed) content-blocking-cross-site-cookies-in-all-windows2 = Cross-site cookies in all windows (mozilla-central)
  • (Hidden) content-blocking-cross-site-tracking-cookies-plus-isolate = Cross-site tracking cookies, and isolate remaining cookies (mozilla-central)

That simplification gives users the wrong impression that all third party cookies are blocked, and/or confusion about the choices in the Custom ETP cookie behavior selector which are more precise and don't match. For example: https://www.reddit.com/r/firefox/comments/1bhb71p/why_does_networkcookiecookiebehavior_in_ff_123/

I can appreciate that TCP is somewhat difficult to explain, but if the string used for content-blocking-cross-site-tracking-cookies-plus-isolate has been working for several years, would any negative repercussions be anticipated from switching privacy.js to showing that hbox/label under Standard and Strict in place of the string for content-blocking-cross-site-cookies-in-all-windows2?

If possible, I'd like to update this string to reflect the discussion. I would need a little time to connect to make sure I understand what's happening here and gather the necessary approvals for the modification.

Severity: -- → S4
Flags: needinfo?(jhirsch)
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.