During my internship I investigated whether or not we could use the tracking protection list to sandbox tracking resources instead of block them. We considered the following 4 approaches: 1. Allow all requests; strip cookies 2. Allow all requests; strip cookies and sandbox tracking iframes 3. Block active content embedded in the first-party context; sandbox tracking iframes 4. Sandbox active content embedded in the first-party context; sandbox tracking iframes We determined each of these solutions to either provide an insufficient privacy improvement, to continue to cause too much breakage, or to be infeasible to implement and support. The analysis results of this research and well as a prototype patch will added in follow up comments.

Prototype patch for configuration (3) detailed above. This has the basic functionality of applying different sandbox options depending on the content type of a request. Note that this patch does have a few bugs and the sandboxing applied is simply a few iframe sandbox flags. The purpose of this prototype is to test compatibility with different script embedding practices. With minor changes this patch can implement (1) and (2). A prototype implementation of (4) requires significantly more engineering.

The analysis of options 1 - 4 is available in the following document: https://docs.google.com/document/d/1TxKCWn0qTgo0hnsKQINka-Jhm69nlbjbClgVWUHt22Y/edit

Exporting the Google Docs to a PDF to ensure it doesn't get lost.