Just a quick update: This new policy has now been made the new default in Nightly in https://bugzilla.mozilla.org/show_bug.cgi?id=1492563.
On Fri, Sep 21, 2018 at 3:15 PM Steven Englehardt <sengleha...@mozilla.com> wrote: > Technical documentation for this is now available on MDN: > https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy > > On Wed, Sep 19, 2018 at 10:24 PM Ehsan Akhgari <ehsan.akhg...@gmail.com> > wrote: > >> Hi everyone, >> >> This is a (belated) intent to implement, as well as an intent to ship, a >> new cookie jar policy to block storage access to tracking resources. This >> work has been under development for several months now and has been >> tracked >> in https://bugzilla.mozilla.org/show_bug.cgi?id=cookierestrictions. >> >> As of Firefox 65, I intend to turn on our new cookie jar policy to block >> storage access from tracking resources by default on all desktop platforms >> (assuming our testing goes well). This feature has been developed behind >> the network.cookie.cookieBehavior preference (when set to 4). No other UA >> is shipping this feature, although Safari 12 ships a somewhat similar >> feature ( >> https://webkit.org/blog/8311/intelligent-tracking-prevention-2-0/). >> >> Bug to turn on by default: >> https://bugzilla.mozilla.org/show_bug.cgi?id=1492549 >> >> Please note that this feature uses the Disconnect list in order to >> identify >> tracking resources, so it is not going to have any effect if you have >> Tracking Protection turned on, or if you have installed a privacy >> extension >> and/or an ad blocker (examples include Privacy Badger, uBlock Origin and >> Ghostery). If you are a Nightly tester using such a feature, it would be >> hugely helpful to us in the next few months if you would kindly consider >> disabling such features and just use the default configuration of Nightly, >> as this is what we are intending to ship to all our users soon. If you >> encounter any web page breakage as a result of testing this feature, >> please >> consider filing a bug and making it block >> https://bugzilla.mozilla.org/show_bug.cgi?id=1480137. >> >> Since this isn’t a typical web feature, the standard “intent to implement” >> template isn’t really helpful for it, but here is some of the information >> surfaced from that template that apply to this feature: >> >> Platform coverage: the Gecko part is cross-platform, but the UI for the >> feature has been developed on desktop for now, so we’re planning to enable >> it on desktop at the moment. >> >> Estimated or target release: Firefox 65. Please note that this feature is >> currently undergoing a Shield Study on Beta 63, and the estimated target >> release is assuming the successful outcome of that study and the continued >> ongoing testing of the feature. >> >> DevTools bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1462372 >> >> Is this feature restricted to secure contexts? No, it doesn’t distinguish >> secure vs. non-secure contexts. This isn’t a new web-facing API, rather >> it >> is intended to be a new privacy protection for our users. As such, we >> intend to impose the new restrictions for tracking resources on both >> secure >> and non-secure contexts. It should be noted that some non-secure tracking >> vectors, e.g. HTTP cookies, can also be used for pervasive tracking by >> passively monitoring the user’s connection, and while cracking down on >> passive tracking isn’t a direct goal of this feature, it is a good >> justification for not limiting these restrictions to secure contexts. >> >> Last but not least, in preparation for this intent to ship, we’ll be >> gradually exposing more users to the feature. The first part of this has >> already been done in the form of the Shield Study mentioned above. As the >> second part of this process, I intend to turn this feature on by default >> on >> all desktop platforms for Nightly only in >> https://bugzilla.mozilla.org/show_bug.cgi?id=1492563. >> >> Thanks, >> >> Ehsan >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> > -- Ehsan _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
