Summary: Browser tracking protections, such as third-party cookie restrictions, can be bypassed using bounce tracking <https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking> which uses short-lived top level redirects to persist first-party state. Gecko already ships Cookie Purging <https://firefox-source-docs.mozilla.org/toolkit/components/antitracking/anti-tracking/cookie-purging/index.html> to mitigate this. We intend to prototype Bounce Tracking Protection - a new standardised variant of Cookie Purging that uses heuristics to detect bounce trackers, rather than relying on tracker lists.
We plan to enable the feature in Firefox Nightly by the end of the week. Please let me know if you have questions or concerns. You can also find us in #anti-tracking on Matrix <https://matrix.to/#/%23anti-tracking:mozilla.org>. Bug: Bug 1839915 [meta] <https://bugzilla.mozilla.org/show_bug.cgi?id=1839915>, Bug 1895222 - Enable in Nightly <https://bugzilla.mozilla.org/show_bug.cgi?id=1895222> Specification (draft): https://privacycg.github.io/nav-tracking-mitigations/#bounce-tracking-mitigations Platform coverage: Firefox Desktop, Android (Fenix) Preferences: Enable the feature: privacy.bounceTrackingProtection.enabled = true Enable tracker data purging: privacy.bounceTrackingProtection.enableDryRunMode = false DevTools bugs: - Bug 1844558 - Log a message to the web console if a site is classified as a potential bounce tracker <https://bugzilla.mozilla.org/show_bug.cgi?id=1844558> - Bug 1844561 - Log a message to the web console on first visit after a site's state has been purged <https://bugzilla.mozilla.org/show_bug.cgi?id=1844561> Link to standards-positions discussion: https://mozilla.github.io/standards-positions/#bounce-tracking-mitigations Other browsers: - Blink: "shipped" (since version 116 <https://chromestatus.com/feature/5705149616488448>, in contexts where 3rd-party cookies are restricted by default) - WebKit: No signal ( https://github.com/WebKit/standards-positions/issues/214) web-platform-tests: Not implemented yet, blocked on https://github.com/web-platform-tests/wpt/issues/17489. The feature has Gecko tests. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAPdF9uOhcC%2B7%3D9M25kzWW9C4Ok_EART%3DnBb1hc92%3DDbEZuxU%2BQ%40mail.gmail.com.
