Re: [tor-dev] #3600 tech doc

2019-03-13 Thread Tom Ritter
New development: https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/ In particular: - WebKit implemented partitioned caches more than five years ago. A partitioned cache means cache entries for third-party resources are double-keyed to their origin and the first-party

Re: [tor-dev] #3600 tech doc

2019-01-18 Thread Tom Ritter
On Fri, 18 Jan 2019 at 21:00, Richard Pospesel wrote: > The Double-Keyed Redirect Cookies + 'Domain Promotion' tries to fix this > multiple/hidden session problem by promoting the cookies of double-keyed > websites to first-party status in the case where the originating domain is > positively

Re: [tor-dev] #3600 tech doc

2019-01-18 Thread Richard Pospesel
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 For background: Currently with first-party isolation enabled if foo.com embeds content from bar.com the cookies we would send to bar.com would come from the foo.com|bar.com double-keyed bucket, whereas if we were to visit bar.com directly the

Re: [tor-dev] #3600 tech doc

2019-01-11 Thread Georg Koppen
Richard Pospesel: > And here's a link that actually works: > https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL Thanks for collecting and sharing all the possible ideas here. Some comments come to mind after thinking a bit about it. 1) We probably won't get that

Re: [tor-dev] #3600 tech doc

2019-01-11 Thread Georg Koppen
Richard Pospesel: > And here's a link that actually works: > https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL Thanks for collecting and sharing all the possibly ideas here. Some comments come to mind after thinking a bit about it. 1) We probably won't get that

Re: [tor-dev] #3600 tech doc

2018-11-15 Thread Tom Ritter
I spent some time reading through the Mix and Match proposal. I'm not sure I understand it. In particular, I am confused about: The proposal seems to focus heavily on what we do with state we receive as part of the redirect. Do we promote it, do we leave it double keyed. It doesn't seem to

Re: [tor-dev] #3600 tech doc

2018-10-29 Thread Richard Pospesel
And here's a link that actually works: https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL On 10/26/18 1:34 PM, Richard Pospesel wrote: > Hey y'all, > > For the past little while I've been working on a technical overview doc for > #3600 (Prevent redirects from

[tor-dev] #3600 tech doc

2018-10-26 Thread Richard Pospesel
Hey y'all, For the past little while I've been working on a technical overview doc for #3600 (Prevent redirects from transmitting+storing cookies+identifiers) detailing the problems, scenarios and possible solutions. Please take a look and feel free to comment, edit or add! Link: