Hi Mike, Apologies for that. The Standard that is more in line with what we are shipping is https://github.com/privacycg/storage-partitioning as we are partitioning Blob URLs by the top-level domain.
Sincerely, Abhishek On Friday, August 25, 2023 at 4:07:30 PM UTC-4 [email protected] wrote: > Hi Abhishek, > On 8/25/23 11:28 AM, Abhishek Madan wrote: > > Summary > > Total Cookie Protection has been enabled by default in Firefox 103. Users > now have storage partitioning which protects them from third-party > tracking. However, Blob URLs remain unpartitioned and hence still put our > users at risk because a Blob can be used as a tracking factor. > > To close this loophole, we can partition Blob URLs by using the > partitioning key (top-level domain). Entailing, the blob URL will be > double-keyed, so blob URLs can only be resolved if the top-level domain is > the same as the top-level domain where the blob URL was created. > Standard: > > https://github.com/w3c/FileAPI/issues/153 > > This is just an issue, rather than a standard. Do you intend to update the > spec to match what you're shipping? (I didn't see any relevant PRs, but I > might have missed one.) > > best, > Mike > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/fdd94e0d-2fcd-40f5-b060-7b2f44582346n%40mozilla.org.
