Summary Total Cookie Protection has been enabled by default in Firefox 103. Users now have storage partitioning which protects them from third-party tracking. However, Blob URLs remain unpartitioned and hence still put our users at risk because a Blob can be used as a tracking factor.
To close this loophole, we can partition Blob URLs by using the partitioning key (top-level domain). Entailing, the blob URL will be double-keyed, so blob URLs can only be resolved if the top-level domain is the same as the top-level domain where the blob URL was created. Standard: https://github.com/w3c/FileAPI/issues/153 Bug Bug 1686111 - [meta] Blob URL partitioning <https://bugzilla.mozilla.org/show_bug.cgi?id=1686111> Platform coverage All Preference privacy.partition.bloburl_per_partition_key DevTools bug N/A Other browsers Neither Safari or Chrome partition Blob URLs. Brave does partition Blob URLs. Web-platform-tests N/A -- Abhishek Madan Mozilla email:[email protected] -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/88cc7630-0fe7-4a93-af21-2e18daaeb349n%40mozilla.org.
