Closed
Bug 1039857
Opened 10 years ago
Closed 9 years ago
Correctly implement namespacing and use localStorage for local shared objects
Categories
(Firefox Graveyard :: Shumway, defect)
Firefox Graveyard
Shumway
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: cpeterson, Assigned: yury)
References
Details
We have some open questions about LSO UX and permissions. As a temporary measure, we can just keep LSOs in memory and never write them to disk for now. That should make most content work, and get around the UX questions.
Reporter | ||
Comment 1•10 years ago
|
||
Till suggested that we implement in-memory LSOs before enabling on Nightly (Shumway's M3 milestone).
Reporter | ||
Comment 2•10 years ago
|
||
Yury suggested simply moving Shumway LSOs from localStorage to sessionStorage.
Assignee: nobody → till
Reporter | ||
Comment 3•10 years ago
|
||
As a partial defense against Flash Supercookies, we could store LSOs from ad-like or tracker-like SWFs (e.g. URL with clickTag, 0 or 1 pixel height/width, etc) in cookie jar that is cleared when the page unloads (a shorter lifetime than sessionStorage) or just throw them in the bit bucket immediately.
Reporter | ||
Updated•10 years ago
|
Whiteboard: [shumway:fb2?]
Reporter | ||
Comment 5•10 years ago
|
||
Make bugs with "[shumway-fb2]" whiteboard tag block shumway-fb2 meta bug 1110300.
Blocks: shumway-fb2
Reporter | ||
Updated•10 years ago
|
No longer blocks: shumway-fb2
Reporter | ||
Comment 6•10 years ago
|
||
Till, you said in email that "Shumway is using SessionStorage for LSO's, but that will change to LocalStorage for persistence." Does that mean this bug is the opposite of what we want?
Making LSOs persistent sounds like a shumway-1.0 bug, not shumway-m4.
Flags: needinfo?(till)
Comment 7•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #6)
> Till, you said in email that "Shumway is using SessionStorage for LSO's, but
> that will change to LocalStorage for persistence." Does that mean this bug
> is the opposite of what we want?
Heh, by now it is, yes. Also, we already did that and are currently using sessionStorage.
> Making LSOs persistent sounds like a shumway-1.0 bug, not shumway-m4.
I don't think I agree: we want to thoroughly test this. Also, if we want to properly implement the semantics, doing that in localStorage is about the same as doing it in sessionStorage. Re-purposing.
Tobias and I just discussed this, and it seems like we can fully implement the correct semantics using localStorage. The only issue with that is that JS from that domain can read the LSOs, regardless of how they're namespaced. (By default, an LSO can only be read by the SWF that created it, but that can be changed.) This difference seems minor, especially compared to the tremendous updates this plan has: localStorage is already handled by Firefox's data management and by addons for managing privacy-relevant data. If we roll our own solution, we have to somehow make it available in those tools, too.
There's one snag here: if foo.com/a.swf loads bar.com/b.swf as a child, then b.swf can access its own LSOs. Implementing that isn't entirely straight-forward: we're never creating an iframe or anything similar for bar.com, after all.
What we need is an API in chrome-land that can read arbitrary localStorage objects. To prevent abuse, it must check the JS stack of the caller that requests the LSO and ensure that it is from the same domain.
We have a mechanism for this inside the player, but not in chrome code. Adding it is probably not hard, though.
Assignee: till → schneider
Status: NEW → ASSIGNED
Flags: needinfo?(till)
Summary: Change Shumway's Local Shared Objects (LSOs) to be in-memory only, not persistent → Correctly implement namespacing and use localStorage for local shared objects
Whiteboard: [shumway:fb2?]
Reporter | ||
Comment 8•10 years ago
|
||
Till, Tobias: Yahoo!'s Flash ad guidelines [1] do not permit the use of Shared Objects. (I assume they both Local and Remote Shared Objects.) Can we just disable Shared Objects for M4 and postpone a complete implementation to a later milestone?
[1] https://adspecs.yahoo.com/pages/standard-flash/
Flags: needinfo?(till)
Comment 9•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #8)
> Can we just disable Shared Objects for M4 and postpone a complete implementation to
> a later milestone?
While It's commendable that they forbid this, I'm not sure it means much more us. If other popular ad networks allow it, we can't force Yahoo's guidelines on all of them. If we can find conclusive evidence that all somewhat-kosher ad networks forbid this, it'd be ok, I guess, and pretty great in fact. I find that doubtful, though.
Flags: needinfo?(till)
Reporter | ||
Comment 10•10 years ago
|
||
(In reply to Till Schneidereit [:till] from comment #9)
> While It's commendable that they forbid this, I'm not sure it means much
> more us. If other popular ad networks allow it, we can't force Yahoo's
> guidelines on all of them. If we can find conclusive evidence that all
> somewhat-kosher ad networks forbid this, it'd be ok, I guess, and pretty
> great in fact. I find that doubtful, though.
AOL's ad specs also forbid LSOs. I wonder if the ad networks are trying to prevent ad publishers from implementing their own user tracking.
http://adspecs.aol.com/technical-guidelines/flash-cookies
Reporter | ||
Comment 11•10 years ago
|
||
Yury, does your localStorage implementation of LSOs in bug 1139633 also fix this bug? Till describes some important corner cases in comment 7.
Flags: needinfo?(ydelendik)
Comment 12•10 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #10)
> AOL's ad specs also forbid LSOs. I wonder if the ad networks are trying to
> prevent ad publishers from implementing their own user tracking.
That's a very likely explanation, yes. Also quite encouraging.
> Yury, does your localStorage implementation of LSOs in bug 1139633 also fix
> this bug? Till describes some important corner cases in comment 7.
It doesn't, but it's a step towards fixing this bug. We're now using localStorage and the actual access happens from chrome code, so it's (theoretically, not currently practically) possible to access arbirary site's storage. We have to also implement access management that depends on the currently running code's applicationDomain.
Depends on: 1139633
Flags: needinfo?(ydelendik)
Updated•9 years ago
|
Assignee: schneider → ydelendik
Updated•9 years ago
|
Product: Firefox → Firefox Graveyard
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•