Add non-tracker requirement to dFPI interaction heuristic
Categories: Core :: Privacy: Anti-Tracking, task, P2

| | Tracking | Status |
|---|---|---|
| firefox79 | --- | fixed |

People: Reporter: englehardt, Assigned: xeonchen
References: Blocks 1 open bug
Attachments: 3 files
The dFPI interaction heuristic implemented in Bug 1616585 Comment 12 can be summarized as:
Site B will receive storage access on site A when a top-level document redirect occurs from site B to site A, where:
* both site A and site B have received user interaction as a first-party within the past 30 days
* both site A and site B have been visited as a first party within the past 10 minutes
We should add in an additional requirement that site B is not a known tracker.
Comment 1 • 4 years ago (Assignee)
Depends on D78261
Comment 2 • 4 years ago (Assignee)
Depends on D78271
Comment 3 • 4 years ago (Assignee)
Depends on D78272
Comment 4 • 4 years ago (Assignee)
This check may be overwritten by AntiTracking's heuristic:
When there is a top-level redirect from a tracking origin to a non-tracking origin, the tracking origin receives short-lived storage access on the non-tracking origin and any other non-tracking origins that appear further down the redirect chain (i.e., if the load continues to redirect). The tracking origin must have received user interaction as a first party within the past 30 days, and the storage access permission expires after 15 minutes.
Comment 6 • 4 years ago
Backed out for browser-chrome failures on browser_storageAccessWithDynamicFpiHeuristics.js
backout: https://hg.mozilla.org/integration/autoland/rev/e33aea19d0c50b6b5eec8a45a8b21abcfdc79c85
failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=305098875&repo=autoland&lineNumber=54580
[task 2020-06-04T19:20:49.561Z] 19:20:49 INFO - Console message: [JavaScript Error: "SecurityError: Permission denied to access property "fetch" on cross-origin object" {file: "chrome://mochitests/content/browser/toolkit/components/antitracking/test/browser/browser_storageAccessWithDynamicFpiHeuristics.js line 53 > eval" line: 2}]
[task 2020-06-04T19:20:49.562Z] 19:20:49 INFO - Buffered messages logged at 19:13:19
[task 2020-06-04T19:20:49.563Z] 19:20:49 INFO - Longer timeout required, waiting longer... Remaining timeouts: 5
[task 2020-06-04T19:20:49.563Z] 19:20:49 INFO - Buffered messages logged at 19:14:49
[task 2020-06-04T19:20:49.564Z] 19:20:49 INFO - Longer timeout required, waiting longer... Remaining timeouts: 4
[task 2020-06-04T19:20:49.565Z] 19:20:49 INFO - Buffered messages logged at 19:16:19
[task 2020-06-04T19:20:49.565Z] 19:20:49 INFO - Longer timeout required, waiting longer... Remaining timeouts: 3
[task 2020-06-04T19:20:49.566Z] 19:20:49 INFO - Buffered messages logged at 19:17:49
[task 2020-06-04T19:20:49.567Z] 19:20:49 INFO - Longer timeout required, waiting longer... Remaining timeouts: 2
[task 2020-06-04T19:20:49.567Z] 19:20:49 INFO - Buffered messages logged at 19:19:19
[task 2020-06-04T19:20:49.568Z] 19:20:49 INFO - Longer timeout required, waiting longer... Remaining timeouts: 1
[task 2020-06-04T19:20:49.569Z] 19:20:49 INFO - Buffered messages finished
[task 2020-06-04T19:20:49.570Z] 19:20:49 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/antitracking/test/browser/browser_storageAccessWithDynamicFpiHeuristics.js | Test timed out -
[task 2020-06-04T19:20:49.570Z] 19:20:49 INFO - GECKO(1244) | [Parent 1244, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache/nsApplicationCacheService.cpp, line 150
[task 2020-06-04T19:20:49.571Z] 19:20:49 INFO - GECKO(1244) | [Parent 1244, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/netwerk/cache2/AppCacheStorage.cpp, line 128
[task 2020-06-04T19:20:49.575Z] 19:20:49 INFO - GECKO(1244) | [Parent 1244, GMPThread] WARNING: Failed to delete GMP storage directory: file /builds/worker/checkouts/gecko/dom/media/gmp/GMPServiceParent.cpp, line 1568
[task 2020-06-04T19:20:49.576Z] 19:20:49 INFO - GECKO(1244) | [Parent 1244, Main Thread] WARNING: Suboptimal indexes for the SQL statement 0x7fd87ef83380 (http://mzl.la/1FuID0j).: file /builds/worker/checkouts/gecko/storage/mozStoragePrivateHelpers.cpp, line 106
[task 2020-06-04T19:20:49.577Z] 19:20:49 INFO - GECKO(1244) | MEMORY STAT | vsize 3422MB | residentFast 419MB | heapAllocated 155MB
[task 2020-06-04T19:20:49.578Z] 19:20:49 INFO - TEST-OK | toolkit/components/antitracking/test/browser/browser_storageAccessWithDynamicFpiHeuristics.js | took 540309ms
[task 2020-06-04T19:20:49.578Z] 19:20:49 INFO - Not taking screenshot here: see the one that was previously logged
Comment 7 • 4 years ago (Reporter)
(In reply to Gary Chen [:xeonchen] from comment #4)
> This check may be overwritten by AntiTracking's heuristic:
> When there is a top-level redirect from a tracking origin to a non-tracking origin, the tracking origin receives short-lived storage access on the non-tracking origin and any other non-tracking origins that appear further down the redirect chain (i.e., if the load continues to redirect). The tracking origin must have received user interaction as a first party within the past 30 days, and the storage access permission expires after 15 minutes.

Gary: what do you mean by overwritten?
Comment 9 • 4 years ago (Assignee)
(In reply to Steven Englehardt [:englehardt] from comment #7)
> (In reply to Gary Chen [:xeonchen] from comment #4)
> > This check may be overwritten by AntiTracking's heuristic:
> > When there is a top-level redirect from a tracking origin to a non-tracking origin, the tracking origin receives short-lived storage access on the non-tracking origin and any other non-tracking origins that appear further down the redirect chain (i.e., if the load continues to redirect). The tracking origin must have received user interaction as a first party within the past 30 days, and the storage access permission expires after 15 minutes.
>
> Gary: what do you mean by overwritten?

I mean there exist 2 heuristics checking for redirections: one is Anti-Tracking (HA), the other one is Dynamic FPI (HD).
If there is a redirection from a tracker, HD will no longer grant the permission, but HA still grants a 15-minute permission.
Comment 10 • 4 years ago (Reporter)
(In reply to Gary Chen [:xeonchen] from comment #9)
> (In reply to Steven Englehardt [:englehardt] from comment #7)
> > (In reply to Gary Chen [:xeonchen] from comment #4)
> > > This check may be overwritten by AntiTracking's heuristic:
> > > When there is a top-level redirect from a tracking origin to a non-tracking origin, the tracking origin receives short-lived storage access on the non-tracking origin and any other non-tracking origins that appear further down the redirect chain (i.e., if the load continues to redirect). The tracking origin must have received user interaction as a first party within the past 30 days, and the storage access permission expires after 15 minutes.
> >
> > Gary: what do you mean by overwritten?
>
> I mean there exist 2 heuristics checking for redirections: one is Anti-Tracking (HA), the other one is Dynamic FPI (HD).
> If there is a redirection from a tracker, HD will no longer grant the permission, but HA still grants a 15-minute permission.

Thanks, I think that's acceptable for now. I'd like to revisit the 15 minute tracker heuristic at some point since the notion of "short-lived" access isn't very meaningful, but that's not needed for this bug.
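The interplay between the two heuristics discussed in comments 4 to 10, combined with the rule from the bug description, as an added example that is not part of the bug thread or of Gecko's code. It is a simplified single-hop model; `evaluateRedirect`, the state shape and the `.example` sites are assumptions made for illustration.

```javascript
// Added illustration only: a simplified single-hop model, not Gecko code.
// All names (evaluateRedirect, the state shape, the sample sites) are hypothetical.
const MIN = 60 * 1000, DAY = 24 * 60 * MIN;
const INTERACTION_WINDOW = 30 * DAY; // first-party user interaction (HD and HA)
const VISIT_WINDOW = 10 * MIN;       // first-party visit (HD only)
const HA_TTL = 15 * MIN;             // lifetime of the HA grant

// state: Map(site -> { lastInteraction, lastVisit }) in ms; trackers: Set of sites
function evaluateRedirect({ from, to, now, state, trackers }) {
  const within = (site, field, windowMs) => {
    const rec = state.get(site);
    return rec !== undefined && rec[field] !== undefined && now - rec[field] <= windowMs;
  };
  const both = (field, windowMs) => within(from, field, windowMs) && within(to, field, windowMs);
  const grants = [];

  // HD: dFPI interaction heuristic, including the non-tracker requirement from this bug
  if (!trackers.has(from) &&
      both("lastInteraction", INTERACTION_WINDOW) &&
      both("lastVisit", VISIT_WINDOW)) {
    grants.push({ heuristic: "HD", grantee: from, on: to });
  }

  // HA: tracker -> non-tracker redirect, short-lived grant for the tracker
  if (trackers.has(from) && !trackers.has(to) &&
      within(from, "lastInteraction", INTERACTION_WINDOW)) {
    grants.push({ heuristic: "HA", grantee: from, on: to, expiresAt: now + HA_TTL });
  }
  return grants;
}

// Constructed sample data (not taken from the bug)
const now = Date.UTC(2020, 5, 4, 12, 0, 0);
const state = new Map([
  ["shop.example",    { lastInteraction: now - 2 * DAY, lastVisit: now }],
  ["sso.example",     { lastInteraction: now - 5 * DAY, lastVisit: now - 1 * MIN }],
  ["tracker.example", { lastInteraction: now - 5 * DAY, lastVisit: now - 1 * MIN }],
]);
const trackers = new Set(["tracker.example"]);

for (const from of ["sso.example", "tracker.example"]) {
  console.log(from, evaluateRedirect({ from, to: "shop.example", now, state, trackers }));
}
```

With identical interaction and visit history, the non-tracker redirect yields only the HD grant, while the tracker redirect yields only the 15-minute HA grant.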
Comment 11 • 4 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/1b7929bcdad3
https://hg.mozilla.org/mozilla-central/rev/d681a17e123a
https://hg.mozilla.org/mozilla-central/rev/3c66e591e1e5