1962092 - Ingest and unblock the Anti-Fraud category from disconnect.me

Status: NEW

(Core :: Privacy: Anti-Tracking, task)

Description

[Christian Holler (:decoder)]

We have various bugs on file where sites break because we block scripts that attempt to use fingerprinting for anti-fraud purposes. Instead of blocking these scripts, we should start to rely on our anti-fingerprinting measures. This will likely result in the user having to solve a captcha instead, but at least the site becomes usable.

Per disconnect-me, this category is defined as:

Anti-fraud: A tracker may be classified as anti-fraud if its explicit purpose is to prevent or detect fraud and
does not utilize data collected in a third-party context (including IP addresses and user identifiers) for any
purpose not directly related to fraud detection or prevention, including the use and sharing of such data 
to enable tracking of particular users or devices by other services.

We should unblock this in ETP-Standard (non-PBM can also be affected by this because we block certain fingerprinters even in standard mode). For ETP-Strict, we can use a different flow, similar to the planned prompt for tracker unblocking.

Comment 1

[William Wen (:wwen)]

Attachment: Bug 1962092 - Add antifraud annotation feature. r=timhuang!

Comment 2

[William Wen (:wwen)]

Attachment: Bug 1962092 - Add tracking protection skip for anti-fraud feature. r=timhuang!

Comment 3

[William Wen (:wwen)]

Attachment: Bug 1962092 - Add test for anti-fraud annotation. r=timhuang!

Comment 4

[William Wen (:wwen)]

Attachment: Bug 1962092 - Add flags and prefs for antifraud list feature. r=timhuang!