1915490 - privacy.annotate_channels.strict_list.enabled in Nightly and Beta leads to slower page load

Status: RESOLVED FIXED

(Core :: Privacy: Anti-Tracking, defect, P3)

Description

[Andrew Creskey [:acreskey]]

I was logging the output of nsHttpChannels identified as third party tracking resources here, in nsHttpChannel::Connect() and I noticed that while almost all channels marked as third party tracking resources did indeed appear to be tracking scripts, there were also many key resources such as content fonts, css, and images that were also tagged as such.

Since channels identified as trackers are deprioritized with the Tail class of service, this could negatively impact user-facing performance.

The following are examples of resources identified as third-party trackers that I encountered while browsing high-profile websites:

https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/GT0sh5UbIAAFDZw.jpeg
https://storage.googleapis.com/pr-newsroom-wp/1/2022/05/community.svg
https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
https://fonts.googleapis.com/css?family=Cabin%3A400%2C600%2C700%2C400italic%2C500%7CDroid+Serif%3A400%2C700%2C400italic%2C700italic%7CLibre+Baskerville%3A400%2C400italic&subset=latin%2Clatin-ext 
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.7.1/slick.min.css 
https://www.youtube.com/iframe_api
https://www.youtube.com/s/player/bcd1f224/player_ias.vflset/en_US/embed.js 
https://www.youtube.com/s/player/bcd1f224/www-embed-player.vflset/www-embed-player.js 
https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.7.1/fonts/slick.woff
https://www.youtube.com/s/player/bcd1f224/www-player.css
https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65f36a007b9322599125cdb7 
https://i3.wp.com/rafaelnadal.com/wp-content/uploads/2017/04/rafa_twit.jpg

On https://newsroom.spotify.com/
most of the images are tagged as trackers, including the 'hero' images, e.g. https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/GT0sh5UbIAAFDZw.jpeg

On https://time.com
Many fonts are classified as a third party trackers, e.g.
https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2

I don't know the exact criteria for classifying resources as third-party tracking scripts, but I don't think we want these resources to be identified as such.

Comment 1

[Andrew Creskey [:acreskey]]

[This bug may or may not be in the right component; please move if needed]

Comment 2

[Tim Huang[:timhuang] [PTO 10/19 ~ 11/3]]

They are content trackers. We only classify them as trackers if the strict level 2 list is enabled, and it's Nighlty-only.

Comment 3

[Andrew Creskey [:acreskey]]

Thanks Tim.
Yes, with privacy.annotate_channels.strict_list.enabled set to false the resources listed below are no longer classified as third party trackers (https://newsroom.spotify.com/).
It's most of the visual content of the site, from a quick look.

The pref privacy.annotate_channels.strict_list.enabled introduces a large behavioural difference between Nightly and Release.
So I'm wondering if there is value in keeping it enabled in Nightly?

From a performance perspective, it's preferable to have the Nightly behaviour match Release since we do so much performance optimization and analysis in nightly. The closer aligned they are, the better.

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 
https://storage.googleapis.com/pr-newsroom-wp/1/2023/02/stream-on-2023_nav-bar-image.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2022/02/TTPF-New-Site-Image.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/20210317_1731_LC_Spotify_Streaming_Animation-copy1-copy-768x432.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2022/10/FCB_logo-lockup-1-768x432.jpeg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/group-1329.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/group-1327.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/group-1326.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/group-1328.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/developer-icon.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/investor-icon-2.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/design-icon.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/engineer-icon.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/11/vendor-icon.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2022/01/songwriter-icon.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2022/05/community.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/SOS_FTRBanner_1440x820_V3.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/GT0sh5UbIAAFDZw.jpeg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/SpotifyStudios_SeleccionNatural_Cover-Art.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/06/Black-Box_Amapiano-1.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/07/Spotify-Premium-Audiobooks-Audiobooks-to-Appeal-to-Your-Inner-Influencer-1440x1440-1-1440x810.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/05/Spotlight_Brazil-10-Years.jpeg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/04/spotify-classics-100-greatest-rb-rnb-songs-streaming-era-1440x810.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/10/icon_artist-full.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/10/icon_podccasters-full.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/10/icon_advertisers-full.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2021/10/life-icon-full.svg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/24_0828-FTRHeader_BackToSchool-1-1920x955.png 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/CASA-SPOTIFY-square-option-1920x955.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/SpotifyxCrunchyroll_Global-Anime-Hub_FTR-Banner_Desktop-1440x716.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/Gacha-Pop-Banner_2-copy-1440x716.jpg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/J-Balvin-header-1440x716.jpeg 
https://storage.googleapis.com/pr-newsroom-wp/1/2024/08/YearOfCowgirl-FTRHeader_01-1920x955.png 

Comment 4

[Tim Huang[:timhuang] [PTO 10/19 ~ 11/3]]

The pref privacy.annotate_channels.strict_list.enabled has been in early beta and earlier for several years. Due to Webcompat concerns, we haven't been able to enable it by default. We also have TCP to prevent third-party tracking from content trackers. Given these two reasons, we can disable this in ETP standard mode in the Nightly channel. This will still be enabled in ETP strict mode.

Comment 5

[Andrew Creskey [:acreskey]]

Thanks Tim.
Since we're currently watching for any impact from flipping UrlClassifierCommon::AnnotateChannel's priority lowering, bug 1915186, I'd like to wait a week or so before making any changes here.

Comment 6

[Andrew Creskey [:acreskey]]

Attachment: Bug 1915490 - privacy.annotate_channels.strict_list.enabled in Nightly and Beta leads to slower page load r=timhuang,pbz

Let's align the strict mode with what we are shipping in release to faciliate general performance and resource prioritization work.

Comment 7

[Pulsebot]

Pushed by acreskey@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/759707522062
privacy.annotate_channels.strict_list.enabled in Nightly and Beta leads to slower page load r=timhuang

Comment 8

[Cristian Tuns]

https://hg.mozilla.org/mozilla-central/rev/759707522062