Closed Bug 405811 Opened 18 years ago Closed 9 years ago

Disable cookies for all prefetching (provide the the functionality and UI option)

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: bugzillaPost120030in, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4 For example, if you google amazon, the google results page will prefetch www.amazon.com, causing amazon cookies to be sent back and forth. Firefox no longer offers 3rd party cookie blocking UI option because the functionality behind it didn't and doesn't work.) Proposed UI: Checkbox under Privacy...Cookies: Enable cookies for all prefetching (default: unchecked) This bug is a side effect of the fixing of Bug 12274, so perhaps this should be assigned to component Network:Cache too. Perhaps if the functionality is enabled by default, all that's needed is the about:config UI. IMO, this depends on whether there's any *user* demand for such functionality. Commentary: At first, I thought Google was being evil. Google should be able to provide the benefits of using the prefetching tag without causing some of the the undesired privacy implications of doing so. Prefetching is useful, but if google suggests prefetching the first result, there are negative consequences that. (OT: Prefetching helps links_pammers track their success too, but fixing this bug won't help with that.) Reproducible: Always Steps to Reproduce: 1.Delete amazon (or all) cookies. (To facilitate monitoring: enable Privacy...Cookies...Keep Until: Ask every time.) 2.Google amazon (or visit provided URL). 3.Note resulting amazon cookie traffic. Actual Results: Amazon cookies were provided and received. Expected Results: I expected that using google would NOT /appear to/ set Amazon cookies. http://developer.mozilla.org/en/docs/Link_prefetching_FAQ and its talk page.
does this still happen if you turn on third party cookie blocking (go to about:config, and set network.cookie.cookieBehavior to 1)?
Severity: enhancement → normal
Component: Preferences → Networking
Product: Firefox → Core
QA Contact: preferences → networking
Summary: RFE: Disable cookies for all prefetching (provide the the functionality and UI option). → Disable cookies for all prefetching (provide the the functionality and UI option)
Disabling cookies for pre-fetching would defeat the point. For instance, let's say you're viewing a photo gallery where the photos are only available to logged-in accounts. The performance benefits of prefetching the next image are totally destroyed. We might even cache the wrong content, in fact. It seems far better to expose UI for the prefetching pref and let people turn that off. Much more to the point. https://developer.mozilla.org/en/Link_prefetching_FAQ#section_13
(In reply to comment #2) > It seems far better to expose UI for the prefetching pref and let people turn > that off. Unfortunately, bug 175104 ("disable Link Prefetching by default") and bug 269120 ("no UI for "network.prefetch-next" pref") are both WONTFIX. (BTW - Darin Fisher, who commented a lot in these bugs in defence of this "feature", currently works for Google.)
Darin's current employer is relevant how, exactly? Link prefetching was added while Netscape was the predominant force behind Mozilla, long before Google was on anyone's radar. It was a performance enhancement added by observation of site behavior, where many sites "prefetched" their images manually in a hidden frame to speed later loads. By adding it as an explicit feature under site control prefetching could happen in the background and not interfere with the loading of the current page. At broadband speeds it's probably not as useful as it once was.
Providing session cookies for the server can be useful. Without a session cookie, Firefox is just prefetching error pages and filling up servers error logs. But the browser should no set new cookies when prefetching: this is not the expected behavior. The suggested workaround, https://developer.mozilla.org/en/Link_prefetching_FAQ#Privacy_implications , is not good: third-party cookies are a different problem. Also, blocking third-party cookies is causing other bugs, such as https://bugzilla.mozilla.org/show_bug.cgi?id=441166 . There should really be a specific handling of cookies for prefetching.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.