New development:
https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/
In particular:
-
WebKit implemented partitioned caches more than five years ago. A
partitioned cache means cache entries for third-party resources are
double-keyed to their origin and the first-party
On Fri, 18 Jan 2019 at 21:00, Richard Pospesel wrote:
> The Double-Keyed Redirect Cookies + 'Domain Promotion' tries to fix this
> multiple/hidden session problem by promoting the cookies of double-keyed
> websites to first-party status in the case where the originating domain is
> positively
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
For background: Currently with first-party isolation enabled if foo.com embeds
content from bar.com the cookies we would send to bar.com would come from the
foo.com|bar.com double-keyed bucket, whereas if we were to visit bar.com
directly the
Richard Pospesel:
> And here's a link that actually works:
> https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
Thanks for collecting and sharing all the possible ideas here. Some
comments come to mind after thinking a bit about it.
1) We probably won't get that
Richard Pospesel:
> And here's a link that actually works:
> https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
Thanks for collecting and sharing all the possibly ideas here. Some
comments come to mind after thinking a bit about it.
1) We probably won't get that
I spent some time reading through the Mix and Match proposal. I'm not
sure I understand it.
In particular, I am confused about:
The proposal seems to focus heavily on what we do with state we
receive as part of the redirect. Do we promote it, do we leave it
double keyed. It doesn't seem to
And here's a link that actually works:
https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
On 10/26/18 1:34 PM, Richard Pospesel wrote:
> Hey y'all,
>
> For the past little while I've been working on a technical overview doc for
> #3600 (Prevent redirects from
Hey y'all,
For the past little while I've been working on a technical overview doc for
#3600 (Prevent redirects from transmitting+storing cookies+identifiers)
detailing the problems, scenarios and possible solutions. Please take a look
and feel free to comment, edit or add!
Link: