Closed Bug 1892494 Opened 2 months ago Closed 1 month ago

Only enable BounceTrackingProtection when 3rd party cookies are restricted

Categories

(Core :: Privacy: Anti-Tracking, task, P1)

Product:
Core
Component:
Privacy: Anti-Tracking
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
128 Branch
Tracking Flags:
Tracking Status
firefox128 --- fixed

People

(Reporter: pbz, Assigned: manuel)

References

(Blocks 1 open bug, Regressed 1 open bug)

Details

Attachments

(2 files)

Bug 1892494 - Only enable BounceTrackingProtection when it provides meaningful protection r=pbz
48 bytes, text/x-phabricator-request
Details | Review
Bug 1892494 - Add tests r=pbz
48 bytes, text/x-phabricator-request
Details | Review

The feature only provides meaningful protection if 3rd party cookies are already restricted. I recommend to enable the feature only for cookie behavior 1,3,4,5. That matches the behavior of the existing redirect tracking protection.
See https://searchfox.org/mozilla-central/rev/8c3ca2f5a74e0ba59c3d9dddf5468a2ffab13467/netwerk/cookie/nsICookieService.idl#59-65 for a list of supported cookie behaviors.

We need to take private browsing into account which can have a separate cookie behavior value than normal browsing.

Edit: This might be a good place to add the logic: https://searchfox.org/mozilla-central/rev/8c3ca2f5a74e0ba59c3d9dddf5468a2ffab13467/toolkit/components/antitracking/bouncetrackingprotection/BounceTrackingState.cpp#57,66
We can check for private browsing there. For better performance we can additionally consider stopping the entire service when both normal browsing and private browsing cookie behavior are unsupported.

Manuel, would you like to take this one?

Flags: needinfo?(manuel)
Blocks: btp-nightly

Thanks for detailed description. Yes, would like to take.

Assignee: nobody → manuel
Flags: needinfo?(manuel)

BounceTrackingProtection only provides meaningful protection when 3rd
party cookies are restricted.

Disable it when

  • BEHAVIOR_ACCEPT: Cookies aren't partitioned at all due to and trackers
    don't need to rely on redirects for tracking
  • BEHAVIOR_REJECT: Cookies aren't stored anyway and there is nothing for
    us to clear

All other current modes BEHAVIOR_REJECT_FOREIGN, BEHAVIOR_LIMIT_FOREIGN,
BEHAVIOR_REJECT_TRACKER and BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN
partition cookies.

See Also: → 1896935
Attachment #9400030 - Attachment description: WIP: Bug 1892494 - Add tests → Bug 1892494 - Add tests r=pbz
Pushed by mbucher@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4c6f90c2cac0
Only enable BounceTrackingProtection when it provides meaningful protection r=pbz,anti-tracking-reviewers
https://hg.mozilla.org/integration/autoland/rev/68549f95ad04
Add tests r=pbz,anti-tracking-reviewers
Regressions: 1898282

https://hg.mozilla.org/mozilla-central/rev/4c6f90c2cac0
https://hg.mozilla.org/mozilla-central/rev/68549f95ad04

Status: NEW → RESOLVED
Closed: 1 month ago
status-firefox128: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: