We plan to enable this in Nightly this week. This is a pref-only patch (bug 1628486).
Gary On Mon, Apr 20, 2020 at 12:38 PM Gary Chen <xeonc...@mozilla.com> wrote: > > # Summary > > First-Party Isolation (FPI) is an Anti-Tracking feature that partitions most > third-party state and communication channels by the top-level website. It > uses the first-party eTLD+1 as part of the storage key and origin checks, > such that third-party iframes embedded in different websites will have > separate storage locations and are not considered same-origin. FPI has long > been the Tor Browser’s default storage model. > > > FPI works well for most websites, but can break some types of embedded > content. We’ve developed *dynamic* FPI [0] to mitigate this type of breakage. > Dynamic FPI (dFPI) creates the same storage partitions as FPI, but has the > ability to relax partitioning under certain conditions. dFPI supports the > automated storage access compatibility heuristics [1] supported by our other > cookie policies, as well as the Storage Access API. These heuristics can > mitigate the types of breakage caused by standard FPI. > > > # Storage locations and communication channels covered > > dFPI partitions all of the same storage and communication channels that are > partitioned by originAttributes in FPI or containers. dFPI relies on the > StoragePrincipal, introduced last April [2], to relax partitioning for a > subset of these APIs. The full set of APIs covered by the StoragePrincipal > are documented here [3]. > > > Note that after storage access is granted dFPI will immediately relax > partitioning for the APIs covered by the StoragePrincipal within an agent > cluster. It will also relax all partitioning (including that not covered by > the StoragePrincipal) for that third-party in future agent clusters. We’re > tracking this in: https://bugzilla.mozilla.org/show_bug.cgi?id=1630687. > > > We are also tracking stateful APIs that aren’t currently covered by > first-party isolation in > https://bugzilla.mozilla.org/show_bug.cgi?id=1590107. We welcome new reports! > > > # Testing and Website breakage > > We’d like to enable dynamic FPI by default on the Nightly channel in the > coming weeks. Before then, it would be great to get early feedback from you. > If you’re willing to help, please enable dFPI using the following steps: > > In about:preferences#privacy select “Custom” under Enhanced Tracking > Protection > > For Cookies, select: “Cross-site and social media trackers, and isolate > remaining” > > > Note: This will log you out of websites that use third party cookies for > managing login state. > > > This feature *fundamentally changes* how we approach cross-site state in > Firefox, and it's incredibly important that we learn how web-compatible the > dFPI model is. We are committed to fixing that breakage whenever possible, > and expect to continue to iterate on dFPI’s design in Nightly. > > > Please help us by reporting any breakage on bugzilla by blocking the meta > bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1549587 > > > The types of breakage you may experience are those that rely on cross-site > log-in, payment, online banking, and other features that use third-party > cookies frequently. > > > Minor site data UI inconsistencies are currently also expected, they can be > found in the meta bug as well. > > > # Preference > > network.cookie.cookieBehavior=5 > (BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN [4]) will be set on Nightly > only. > > > # Other browsers > > Safari has had partitioned storage (with the exception of cookies) for many > years > > Chrome has documented their storage isolation project [5], which has a > similar goal of isolating stateful APIs. > > > # FAQ > > > Q: Does dFPI disable tracking cookie blocking? > > A: No, both are enabled under network.cookie.cookieBehavior=5. > > > Q: How will dFPI impact containers users? > > A: dFPI uses a different origin attribute than containers (including Facebook > container), which use userContextId. dFPI should layer on top of these > features, and thus not impact them. > > > Q: How will dFPI impact FPI users? > > A: dFPI uses the same first-party domain origin attribute as FPI. This means > that dFPI will re-use the same isolated cookie jars when layered over FPI. > dFPI currently causes some storage locations to switch to a _different_ > isolated storage jar; this issue is tracked in > https://bugzilla.mozilla.org/show_bug.cgi?id=1630796. Note that storage > access permissions will *not* apply to FPI’s isolated storage, so we do not > weaken the isolation guarantees of FPI. > > > Q: Will dFPI impact extension storage? > > A: No. Similar to FPI, extension storage is exempt from isolation. See: > https://searchfox.org/mozilla-central/rev/567b68b8ff4b6d607ba34a6f1926873d21a7b4d7/caps/OriginAttributes.cpp#80-85 > > > [0] https://bugzilla.mozilla.org/show_bug.cgi?id=1549587 > > > [1] > https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy#Storage_access_grants > > > [2] https://groups.google.com/forum/#!topic/mozilla.dev.platform/b8A8LrQGOYs > > > [3] > https://searchfox.org/mozilla-central/rev/567b68b8ff4b6d607ba34a6f1926873d21a7b4d7/toolkit/components/antitracking/StoragePrincipalHelper.h#13 > > > [4] > https://searchfox.org/mozilla-central/rev/567b68b8ff4b6d607ba34a6f1926873d21a7b4d7/netwerk/cookie/nsICookieService.idl#71-82 > > > [5] > https://docs.google.com/document/d/1V8sFDCEYTXZmwKa_qWUfTVNAuBcPsu6FC0PhqMD6KKQ/edit > > > Gary _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
